Dapr june 2023 fuzzing audit reportthe Dapr Runtime, Kit and Components-Contrib sub projects. 3 issues were found. ● 1 index out of range ● 2 panics in Go standard library Table of Contents CNCF security and fuzzing audits 2 Executive and a reproducer testcase. # Title Mitigation 1 Index out of range in ra� log reading Fixed 2 Malicious raw key triggers out of range panic in Go standard library Fixed 3 Key with empty seed will trigger trigger panic in Go standard library Fixed Index out of range in raft log reading OSS-Fuzz bug tracker: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58799 Mitigation: Fixed in https://github0 码力 | 19 页 | 690.59 KB | 1 年前3- The Future of Cloud Native Applications
with Open Application Model (OAM) and Daprstitch together individual container primitives Flexible application modeling supports a wide range of application architectures Small and simple applications are easy, large and complex applications0 码力 | 51 页 | 2.00 MB | 1 年前3
- OAM, Dapr and Rudr: The future of cloud native applicationsto stitch together individual container primitives Flexible application modeling supports a wide range of application architectures Small and simple applications are easy, large and complex applications0 码力 | 59 页 | 1.65 MB | 1 年前3
- Dapr july 2020 security audit reportthat Dapr was clearly implemented with security in mind thus far. Nevertheless, given the reach and range of findings, especially their respective severity levels, a lot of room for improvement is visible0 码力 | 19 页 | 267.84 KB | 1 年前3
- Dapr september 2023 security audit reportthe application does not properly sanitize user input, the Dapr user exposes themselves to a wide range of vulnerabilities. An example from our manual code review are SQL Injections: All components that0 码力 | 47 页 | 1.05 MB | 1 年前3
共 5 条
- 1