Skip to content

Stoplight vulnerability -STOP1246 #2754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
SB-harshitajadhav wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Stoplight vulnerability -STOP1246 #2754

SB-harshitajadhav wants to merge 3 commits into from
+51,006 −4

Conversation

@SB-harshitajadhav
Copy link
Contributor

@SB-harshitajadhav SB-harshitajadhav commented Dec 12, 2024
edited
Loading

Elements Default PR Template

STOP-1246

In general, make sure you have: (check the boxes to acknowledge you've followed this template)

Description

For Lack of Encoding, we have applied the fix, all user-supplied data within the parameterValues is now sanitized before being processed by the application.

How Has This Been Tested?

Tested it locally.

Screenshot(s)/recordings(s)

Input
image

Before
image

After
image

Other Available PR Templates:

@netlify
Copy link

netlify bot commented Dec 12, 2024
edited
Loading

Deploy Preview for stoplight-elements ready!

Name Link
🔨 Latest commit ac21bef
🔍 Latest deploy log https://app.netlify.com/projects/stoplight-elements/deploys/69671b7dcd565300088445d2
😎 Deploy Preview https://deploy-preview-2754--stoplight-elements.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Dec 12, 2024
edited
Loading

Deploy Preview for stoplight-elements-demo ready!

Name Link
🔨 Latest commit ac21bef
🔍 Latest deploy log https://app.netlify.com/projects/stoplight-elements-demo/deploys/69671b7d7e05670008e12859
😎 Deploy Preview https://deploy-preview-2754--stoplight-elements-demo.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@SB-harshitajadhav SB-harshitajadhav marked this pull request as ready for review December 20, 2024 05:49
@SB-harshitajadhav SB-harshitajadhav requested a review from a team as a code owner December 20, 2024 05:49
@prafullaAtSB
Copy link
Contributor

prafullaAtSB commented Jan 14, 2026

Re-opening the PR as team started working on this again.

@prafullaAtSB prafullaAtSB reopened this Jan 14, 2026
prafullaAtSB
prafullaAtSB approved these changes Jan 14, 2026
View reviewed changes
Copy link
Contributor

@prafullaAtSB prafullaAtSB left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes are good to fix path traversal by sanitizing the request parameters which may have vulnerable paths.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prafullaAtSB prafullaAtSB prafullaAtSB approved these changes

@SB-pradeep-bande SB-pradeep-bande Awaiting requested review from SB-pradeep-bande

@SB-akshaythakar SB-akshaythakar Awaiting requested review from SB-akshaythakar

@bhaskarsontakke bhaskarsontakke Awaiting requested review from bhaskarsontakke

@darekplawecki darekplawecki Awaiting requested review from darekplawecki darekplawecki is a code owner automatically assigned from stoplightio/elements-owners

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@SB-harshitajadhav @prafullaAtSB @SB-pradeep-bande