
Merge pull request #1929 from OpenSignLabs/updates-17540166746

1c2f453
Merged

v2.27.2 #1930

GitHub Advanced Security / CodeQL succeeded Sep 8, 2025 in 0s

No new alerts in code changed by this pull request

Annotations

Check failure on line 44 in apps/OpenSign/src/constant/Utils.js


Code scanning / CodeQL

Creating biased random numbers from a cryptographically secure source (High)

Using modulo on a cryptographically secure random number produces biased results.

Check failure on line 18 in apps/OpenSignServer/cloud/customRoute/customApp.js


Code scanning / CodeQL

Missing rate limiting

This route handler performs a file system access (three locations flagged), but is not rate-limited.

Check failure on line 22 in apps/OpenSignServer/cloud/customRoute/deleteFileUrl.js


Code scanning / CodeQL

Incomplete URL substring sanitization

'amazonaws.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Check failure on line 347 in apps/OpenSignServer/cloud/customRoute/deleteUser.js


Code scanning / CodeQL

Reflected cross-site scripting

Cross-site scripting vulnerability due to a user-provided value.

Check failure on line 398 in apps/OpenSignServer/cloud/customRoute/deleteUser.js


Code scanning / CodeQL

Reflected cross-site scripting

Cross-site scripting vulnerability due to a user-provided value.

Check warning on line 409 in apps/OpenSignServer/cloud/customRoute/deleteUser.js


Code scanning / CodeQL

Exception text reinterpreted as HTML

Exception text is reinterpreted as HTML without escaping meta-characters.