[GHSA-8ffj-4hx4-9pgf] lightrag-hku: JWT Algorithm Confusion Vulnerability #7336
Open
nomore8797 wants to merge 1 commit into nomore8797/advisory-improvement-7336 from
Collaborator
Hi there @danielaskdd! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository. This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory.
Comments
Hello, GitHub Community Guidelines!
I noticed that the APIs are completely unreliable for everyone and very often fall off for various reasons. Also, tokens do not inspire confidence: they are long and strictly confidential, and they need to be stored in a safe place without getting confused about "what from what?" It is not at all convenient and even large systems fail. What if you have a big project or a generative agent who decided to connect himself? I fully support the integration, but as a Safe Architect, I am primarily for the safety and stability of the systems being developed, and, as I suggested replacing the author with a solid code, I propose to revise the integration system more globally and abandon the API in the form in which it is present, namely, to remove tokens and unreliable mounts and switch to Safe integration by forming a private code for each system. An agent can perform the forming of a Secure Code for Integration perfectly. I hope that here, in the virtues of the developers, I will be supported in the fact that integration through the API is obsolete and physically weak for the power and simplicity of the development that we have all approached now.
Have a good day.
Respectfully, Olga!