Security Vulnerability: Lack of Authorization Mechanism #228
Congratulations, @Somesh-nayek! 🎉 Thank you for creating your issue. Your contribution is greatly appreciated and we look forward to working with you to resolve the issue. Keep up the great work! We will promptly review your changes and offer feedback. Keep up the excellent work! Kindly remember to check our contributing guidelines.
The routes are not checking whether the person who wants to add or delete information from an account is authorised to do that or not.
If the check is not implemented, anyone can delete anyone's data, and that will be a security breach.
In the example snippet above there is no authorization check.
@Sahil1786, I want to work on this. Please assign me this under GSSOC-2024.
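
The missing check described in this issue, shown as an added example that is not the project's code and not part of the original post: a delete handler without an ownership check beside a hardened one, plus an add handler that takes the owner from the authenticated user. The project's routes and stack are not shown on the page, so the in-memory store, the `req.user` / `req.params` / `req.body` shapes and all function names here are assumptions.

```javascript
// Hypothetical in-memory model of account routes (assumed, not the project's code).
// Constructed sample data: two accounts, each owning one record.
function makeStore() {
  return new Map([
    ["rec-1", { ownerId: "alice", data: "alice's entry" }],
    ["rec-2", { ownerId: "bob", data: "bob's entry" }],
  ]);
}

// "Before": the handler acts on whatever record id the request names and
// never compares the caller with the record's owner.
function deleteRecordUnchecked(store, req) {
  if (!store.has(req.params.id)) return { status: 404 };
  store.delete(req.params.id);
  return { status: 204 };
}

// "After": authenticate first, then authorize against the stored owner.
// req.user is assumed to be set by session/token middleware, never taken
// from client-supplied body or query fields.
function deleteRecord(store, req) {
  if (!req.user) return { status: 401 }; // not authenticated
  const record = store.get(req.params.id);
  // Same 404 for "missing" and "not yours", so the response does not
  // confirm that another account's record id exists.
  if (!record || record.ownerId !== req.user.id) return { status: 404 };
  store.delete(req.params.id);
  return { status: 204 };
}

let nextId = 3; // ids 1 and 2 are used by the sample data

// Same rule for writes: the owner is the authenticated user, so any
// ownerId sent in the request body is ignored.
function addRecord(store, req) {
  if (!req.user) return { status: 401 };
  const id = `rec-${nextId++}`;
  store.set(id, { ownerId: req.user.id, data: String(req.body.data) });
  return { status: 201, id };
}
```
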