📰 Updated 2026-04-29 07:30
🔸 Carrot Disclosure: Forgejo
🔥 27 points
Original text:
Since Fedora moved from Pagure to Forgejo, I finally had an incentive to take a good look at Forgejo’s security posture. The results aren’t pretty to be honest: SSRF in a lot of places, no CSP/Trusted-Types, a bit of ghetto templating in