Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Issues #23

Closed
entrptaher opened this issue Oct 25, 2018 · 1 comment
Closed

Security Issues #23

entrptaher opened this issue Oct 25, 2018 · 1 comment
Assignees
@entrptaher

Comments

@entrptaher
Copy link
Member

This is one of the major issues we will be working on.

  1. Admin database exposed at /admin/users
  2. Websocket is unauthenticated

The reason is, this was a prototype and got hunted on producthunt unfortunatly.

Action:

  • Take down wireflow for now,
  • Fix these problems before moving on to next version.
@entrptaher entrptaher self-assigned this Oct 25, 2018
@entrptaher entrptaher mentioned this issue Oct 25, 2018
Merged
@xet7
Copy link
Collaborator

xet7 commented Aug 1, 2019
edited

@entrptaher

According to npm audit, after Meteor 1.8.1 upgrades at #31 remaining issue is materialize-css that could be low severity one, it seems to not yet have fix or I did not find replacement version yet.

There could be some other issues that npm audit does not show at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@entrptaher entrptaher

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@xet7 @entrptaher @vanilataher