Create vulnerable.js #49

Open
wants to merge 1 commit into base: main

Create vulnerable.js

d2e1242
GitHub Advanced Security / CodeQL failed Aug 31, 2024 in 3s

6 new alerts including 2 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 2 critical
  • 4 high

See annotations below for details.

Annotations

Check failure on line 15 in vulnerable.js

Code scanning / CodeQL: Reflected cross-site scripting (High)

Cross-site scripting vulnerability due to a user-provided value.

Check failure on line 24 in vulnerable.js

Code scanning / CodeQL: Reflected cross-site scripting (High)

Cross-site scripting vulnerability due to a user-provided value.

Check failure on line 30 in vulnerable.js

Code scanning / CodeQL: Hard-coded credentials (Critical)

The hard-coded value "secretkey" is used as jwt key.

Check failure on line 44 in vulnerable.js

Code scanning / CodeQL: Missing rate limiting (High)

This route handler performs a file system access, but is not rate-limited.

Check failure on line 37 in vulnerable.js

Code scanning / CodeQL: Uncontrolled data used in path expression (High)

This path depends on a user-provided value.

Check failure on line 50 in vulnerable.js

Code scanning / CodeQL: Code injection (Critical)

This code execution depends on a user-provided value.