You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the production instance of Filigran, which is 1.5 month old (so post 6.0), we have very odd open vocab with the full JSON (unparsed). No investigated yet but I think this might be critical (cc @Kedae@richard-julien):
I cannot access this space within production, but I can at least reproduce on demo the fact copy/pasting a json in the attribute name within an open_vocab is possible .
@Megafredo@nino-filigran It seems to be linked to the Mandiant connector not parsing correctly the motivation. If this is just this, no problem it is not critical at all. Thanks @Megafredo for the quick fix.
@nino-filigran it is normal that you can put manually any kind of content in the open vocab, json is still a string. I was fearing more a global issue in the Python library when we create open vocabs. If it is limited to Mandiant I think we can remove the tag critical.
SamuelHassine
changed the title
Open vocabularies very strange behaviour in production, can lead to critical issue
[mandiant] Open vocabularies very strange behaviour in production
Apr 11, 2024
Description
In the production instance of Filigran, which is 1.5 month old (so post 6.0), we have very odd open vocab with the full JSON (unparsed). No investigated yet but I think this might be critical (cc @Kedae @richard-julien):
https://filigran.octi.filigran.io/dashboard/settings/vocabularies/fields/attack_motivation_ov
The text was updated successfully, but these errors were encountered: