You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is vague fear I have about expoing cfn_nag a service.... it takes arbitrary json/yml.... and then on the backend there is a lot of eval magic with rules and such. Need to spend some quality time to see if there a code injection exploit or at least make sure we are doing the strictest lockdown/parse of the json/yml as possible.
The text was updated successfully, but these errors were encountered:
This is vague fear I have about expoing cfn_nag a service.... it takes arbitrary json/yml.... and then on the backend there is a lot of eval magic with rules and such. Need to spend some quality time to see if there a code injection exploit or at least make sure we are doing the strictest lockdown/parse of the json/yml as possible.
The text was updated successfully, but these errors were encountered: