Skip to content

*SECURITY* fixes after pentest

Pavlo Mashliakovskiy requested to merge fix/securityAfterPentest into master
  • fixed possible SQL injection in UBQL logicalPredicates (Repository.logic)
  • CSV export now adds ' (single quoter) into beginning of the string what looks like an Excel formulas during CSV export to prevent CSV Injection/Formula Injection attack. Can be disabled by set
  • UB/UBLDAP authorization now can accept password and clientNonce as JSON body in 2-n stage POST request instead of parameters in URI

Merge request reports

Loading