The error bellow was solved in this PR https://github.com/openshift/hypershift/pull/4723, but we can do a better sanitisation of the IgnitionServer payload. This is the suggestion from Alberto in Slack: https://redhat-internal.slack.com/archives/G01QS0P2F6W/p1726257008913779?thread_ts=1726241321.475839&cid=G01QS0P2F6W
✗ [High] Cross-site Scripting (XSS) Path: ignition-server/cmd/start.go, line 250 Info: Unsanitized input from an HTTP header flows into Write, where it is used to render an HTML page returned to the user. This may result in a Reflected Cross-Site Scripting attack (XSS).
- clones
-
OCPBUGS-41935 Unsanitized input into IgnitionServer from HTTP header
-
- Closed
-
- links to
-
RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update