Commit 05594f2

JS: Change note
1 parent 0bd60c1 commit 05594f2

1 file changed

+8
-0
lines changed

@@ -0,0 +1,8 @@
1+
lgtm,codescanning
2+
* The security queries now recognize the effect of JSON schema validation, and highlights
3+
cases where this validation is susceptible to denial-of-service attacks.
4+
Affects the package [ajv](https://npmjs.com/package/ajv).
5+
* A new query, `js/resource-exhaustion-from-deep-object-traversal`, has been added to the query suite,
6+
highlighting denial-of-service attacks exploiting operations that traverse deeply user-controlled objects.
7+
* The `js/xss-through-exception` query now recognizes JSON schema validation errors as a source, as they
8+
may contain part of the input data.
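
Review bot: In the first bullet (added lines 2-3), "The security queries now recognize ... and highlights" has a subject-verb mismatch; it should read "and highlight". That bullet also says validation can be "susceptible to denial-of-service attacks" without naming the query that reports it or the condition that makes the validation susceptible, while the other two bullets give a query id (`js/resource-exhaustion-from-deep-object-traversal`, `js/xss-through-exception`); naming the query here too would let readers of the change note know which alerts to expect. In the second bullet (added lines 5-6), "traverse deeply user-controlled objects" is ambiguous about what "deeply" modifies; "deeply traverse user-controlled objects" would read more clearly.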
