Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security] Close cross scripting vulnerability #21342

Conversation

sarahalsmiller
Copy link
Member

Description

Sanitizes the user input before returning it using %v instead of directly concatenating the string

Testing & Reproduction steps

Links

https://github.com/hashicorp/consul-enterprise/security/code-scanning/17

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

@sarahalsmiller sarahalsmiller added theme/security backport/all Apply backports for all active releases per .release/versions.hcl labels Jun 17, 2024
@sarahalsmiller sarahalsmiller marked this pull request as ready for review June 17, 2024 15:48
@dduzgun-security dduzgun-security merged commit c18c911 into main Jun 17, 2024
86 checks passed
@dduzgun-security dduzgun-security deleted the NET-8682-Vulnerabilities-in-consul-enterprise-Reflected-cross-site-scripting-in-agent-kvs_endpoint.go-296 branch June 17, 2024 17:54
@hc-github-team-consul-core hc-github-team-consul-core added backport/1.19 This release series is longer active on CE, use backport/ent/1.19 backport/ent/1.17 This release series is longer active on CE or Ent backport/ent/1.15 Changes are backported to 1.15 ent backport/ent/1.18 Changes are backported to 1.18 ent labels Jun 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport/all Apply backports for all active releases per .release/versions.hcl backport/ent/1.15 Changes are backported to 1.15 ent backport/ent/1.17 This release series is longer active on CE or Ent backport/ent/1.18 Changes are backported to 1.18 ent backport/1.19 This release series is longer active on CE, use backport/ent/1.19 theme/security
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants