Confusion Over Vulnerability of Typesense in Safety DB
TLDR Mehdi was confused about a vulnerability annotation on Typesense in Safety DB. Kishore Nallan clarified it was a false positive, suspecting a new feature of Typesense as the cause. Stefan supported the false positive claim.
Jul 07, 2021 (31 months ago)
Mehdi
12:30 PM
Kishore Nallan
12:32 PM
Jul 08, 2021 (31 months ago)
Stefan
06:54 AM
"typesense": [
    {
        "advisory": "Typesense 0.13.0 allows one to generate API keys with fine-grained access control restrictions for better security.",
        "cve": null,
        "id": "pyup.io-38798",
        "specs": [
            "<0.13.0"
        ],
        "v": "<0.13.0"
    }
],
https://raw.githubusercontent.com/pyupio/safety-db/4165745b90dde30ae53e40bd718fa13eb0cd5342/data/insecure_full.json
looks like a false positive?
Stefan
06:55 AM
Stefan
06:55 AM
Kishore Nallan
06:55 AM
Kishore Nallan
06:56 AM
Kishore Nallan
06:58 AM