Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Omb code merge to prod #641

Merged
merged 3 commits into from
Feb 10, 2025

Merge branch 'main' of https://github.com/GSA/eoc into OMB-code-merge…

584d829
Select commit
Loading
Failed to load commit list.
Merged

Omb code merge to prod #641

Merge branch 'main' of https://github.com/GSA/eoc into OMB-code-merge…
584d829
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL failed Feb 10, 2025 in 2s

49 new alerts including 4 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 4 critical
  • 19 high
  • 26 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

View all branch alerts.

Annotations

Check failure on line 2 in evidenceportal/app-0b56b7366a7b6e8bfdb6.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 2 in evidenceportal/app-10093311da513175d301.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 2 in evidenceportal/app-1df52c5bf02304907d9b.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 2 in evidenceportal/app-2a9a6d31a92f2edf35c1.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 2 in evidenceportal/app-2cd7e808a51182bab5d2.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 2 in evidenceportal/app-30437041077e1fbab946.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 2 in evidenceportal/app-37c8b6762fc3df6cffce.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 2 in evidenceportal/app-3e39d4c20c60928b6139.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check failure on line 2 in evidenceportal/app-70d221461eaf87dac93e.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete string escaping or encoding High

This does not escape backslash characters in the input.

Check warning on line 697 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.

Check failure on line 700 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Use of externally-controlled format string High

Format string depends on a
user-provided value
Loading
.

Check warning on line 703 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.

Check warning on line 707 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.

Check failure on line 710 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Code injection Critical

This code execution depends on a
user-provided value
Loading
.

Check warning on line 711 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.

Check failure on line 915 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete URL scheme check High

This check does not consider data: and vbscript:.

Check failure on line 1197 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete URL scheme check High

This check does not consider data: and vbscript:.

Check failure on line 1205 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Incomplete URL scheme check High

This check does not consider data: and vbscript:.

Check failure on line 1429 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Unvalidated dynamic method call High

Invocation of method with
user-controlled
Loading
name may dispatch to unexpected target and cause an exception.

Check warning on line 1763 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.

Check warning on line 1779 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.

Check warning on line 1814 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.

Check warning on line 1815 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.

Check warning on line 1817 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.

Check warning on line 1826 in evidenceportal/~partytown/debug/partytown-ww-atomics.js

See this annotation in the file changed.

Code scanning / CodeQL

Prototype-polluting assignment Medium

This assignment may alter Object.prototype if a malicious '__proto__' string is injected from
user controlled input
Loading
.