What is the bug?
The 2 APIs have a potential vulnerability: UpdateModel and UpdateModelGroup
Currently, these APIs accept script-like variables in their request bodies without raising exceptions, which could potentially lead to security risks.
Impact: This vulnerability could potentially be exploited to inject malicious scripts, posing a risk to the system's integrity and security.

How can one reproduce the bug?
Steps to reproduce the behavior:
PUT /_plugins/_ml/models/w2jYiJUBIo18BRbyKFkp
{
  "name": "<script>alert(1)</script>",
  "description": "<script>alert(1)</script>"
}

What is the expected behavior?
Apply stricter regex matching to validate inputs

What is your host/environment?
Do you have any screenshots?
If applicable, add screenshots to help explain your problem.
Do you have any additional context?
Add any other context about the problem.
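One way to implement the stricter validation the issue asks for, as an added example that is not the project's own code: an allowlist check for the `name` and `description` fields from the reproduction request, usable for both update APIs. The class name, the allowed character set and the length limits are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ModelFieldValidator {
    // Assumed allowlist: letters, digits, whitespace and a little punctuation.
    // Anything else ('<', '>', '&', '=', quotes, backticks, ...) is rejected.
    private static final Pattern DISALLOWED =
        Pattern.compile("[^\\p{L}\\p{N}\\s.,!?():@_'/-]");
    private static final int MAX_NAME = 128;          // assumed limit
    private static final int MAX_DESCRIPTION = 1024;  // assumed limit

    /** Returns one message per rejected field; an empty list means the body passes. */
    public static List<String> validate(Map<String, String> body) {
        List<String> errors = new ArrayList<>();
        check(errors, "name", body.get("name"), MAX_NAME);
        check(errors, "description", body.get("description"), MAX_DESCRIPTION);
        return errors;
    }

    private static void check(List<String> errors, String field, String value, int maxLen) {
        if (value == null) return; // an update request may omit a field
        if (value.length() > maxLen) {
            errors.add(field + ": longer than " + maxLen + " characters");
            return;
        }
        Matcher m = DISALLOWED.matcher(value);
        if (m.find()) {
            // Report the code point, not the raw input, so the error message
            // never echoes attacker-controlled text back to a client or log viewer.
            errors.add(String.format("%s: disallowed character U+%04X at index %d",
                field, value.codePointAt(m.start()), m.start()));
        }
    }

    public static void main(String[] args) {
        Map<String, String> fromIssue = new LinkedHashMap<>(); // body from the report
        fromIssue.put("name", "<script>alert(1)</script>");
        fromIssue.put("description", "<script>alert(1)</script>");
        System.out.println(validate(fromIssue)); // both fields rejected at index 0

        Map<String, String> benign = new LinkedHashMap<>(); // constructed sample
        benign.put("name", "sentence-transformer v2");
        benign.put("description", "Embedding model (384 dims), owner: search-team@example.org");
        System.out.println(validate(benign)); // empty list
    }
}
```

A handler would call `validate` before persisting the update and return a 400-class error when the list is non-empty.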