mirror of
https://github.com/github/codeql.git
synced 2025-12-18 09:43:15 +01:00
9 lines
598 B
Markdown
9 lines
598 B
Markdown
lgtm,codescanning
|
|
* The security queries now recognize the effect of JSON schema validation, and highlights
|
|
cases where this validation is susceptible to denial-of-service attacks.
|
|
Affects the package [ajv](https://npmjs.com/package/ajv).
|
|
* A new query, `js/resource-exhaustion-from-deep-object-traversal`, has been added to the query suite,
|
|
highlighting denial-of-service attacks exploiting operations that traverse deeply user-controlled objects.
|
|
* The `js/xss-through-exception` query now recognizes JSON schema validation errors as a source, as they
|
|
may contain part of the input data.
|