@deepview-autofix flag:
To reproduce:
require('crypto').generateKeyPair('toString', {}, console.log)
require('crypto').generateKeyPairSync('toString')
type is unlikely to be attacker-controlled without validation on the application side, so I don't think this is worth a private report and does not qualify as a vuln (also, DoS at most).
But should still be fixed.
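The application-side validation the report refers to, as an added example that is not part of the original report or of the Node.js code base: an exact-match allowlist checked before `type` reaches `crypto.generateKeyPairSync`, next to a naive plain-object lookup that lets the report's `'toString'` value through. The allowlist contents and the names `ALLOWED_KEY_TYPES`, `naiveIsAllowed`, `isAllowedKeyType` and `generateValidatedKeyPair` are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumed application policy (constructed for this example): the key types
// this service will generate, with the options it chooses for each one.
const ALLOWED_KEY_TYPES = new Map([
  ['ed25519', {}],
  ['ec', { namedCurve: 'P-256' }],
  ['rsa', { modulusLength: 3072 }],
]);

// Naive check, shown for contrast. A plain object inherits from
// Object.prototype, so names such as 'toString' or 'constructor' resolve to
// inherited members and pass a truthiness test.
const NAIVE_TABLE = { ed25519: {}, ec: { namedCurve: 'P-256' } };
function naiveIsAllowed(type) {
  return Boolean(NAIVE_TABLE[type]);
}

// Hardened check: the value must be a string and an exact key of the Map.
// A Map has no inherited keys, and the typeof test rejects arrays or objects
// that would otherwise be coerced to a matching string.
function isAllowedKeyType(type) {
  return typeof type === 'string' && ALLOWED_KEY_TYPES.has(type);
}

// Hypothetical wrapper: validate first, then call the real API using only
// options chosen by the application, never options taken from the caller.
function generateValidatedKeyPair(type) {
  if (!isAllowedKeyType(type)) {
    throw new TypeError('unsupported key type');
  }
  return crypto.generateKeyPairSync(type, ALLOWED_KEY_TYPES.get(type));
}
```
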