Vulnerability
Systemic Server-Side Request Forgery (SSRF) / Path Traversal vulnerability (G704) across multiple CLI commands.
Affected files
- cmd/episodes.go (4 injection points)
- cmd/shows.go (2 injection points)
- cmd/timeline.go (3 injection points)
- cmd/upload_cmd.go (1 injection point)
Fix
Wrapped all user-supplied IDs with url.PathEscape() before URL construction.
PR with fix
https://github.com/mouhamedRedaRachidy/save-to-spotify/compare/main...mouhamedRedaRachidy:main?expand=1
The fix and 10 unit tests are ready for review.
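The following is an added illustration of the fix the report describes, not code from the save-to-spotify repository or its PR. It contrasts building a request URL by plain concatenation of a user-supplied ID with building it through url.PathEscape(), and adds a small check that the resulting URL still addresses exactly one path segment under the intended endpoint. The base URL, the endpoint name and the sample IDs are constructed for the example; the project's real endpoints are not on this page.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Hypothetical API base for the example; not the project's real endpoint.
const apiBase = "https://api.example.invalid/v1"

// episodeURLUnsafe mirrors the pattern the report flags (gosec G704):
// the user-controlled ID is concatenated straight into the URL path, so
// path separators, "?" and "#" in the ID change which resource is requested.
func episodeURLUnsafe(id string) string {
	return apiBase + "/episodes/" + id
}

// episodeURL is the hardened form from the report: url.PathEscape encodes
// every byte that has meaning inside a path segment ("/", "?", "#", "%", ...),
// so whatever the ID contains it can only name one segment under /episodes/.
func episodeURL(id string) string {
	return apiBase + "/episodes/" + url.PathEscape(id)
}

// staysInSegment reports whether a built URL still resolves to a single,
// non-empty path segment directly under /v1/episodes/ with no query or
// fragment. It looks at the escaped path, i.e. the path as sent on the wire.
func staysInSegment(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil {
		return false
	}
	const prefix = "/v1/episodes/"
	ep := u.EscapedPath()
	if !strings.HasPrefix(ep, prefix) {
		return false
	}
	rest := strings.TrimPrefix(ep, prefix)
	return rest != "" &&
		!strings.Contains(rest, "/") &&
		u.RawQuery == "" &&
		u.Fragment == ""
}

func main() {
	// Constructed inputs: a well-formed ID and two malformed ones.
	for _, id := range []string{"4uLU6hMCjMI75M1A2tKUQC", "../../admin", "abc#frag"} {
		fmt.Printf("id=%q\n  unsafe: %s (single segment: %v)\n  escaped: %s (single segment: %v)\n",
			id,
			episodeURLUnsafe(id), staysInSegment(episodeURLUnsafe(id)),
			episodeURL(id), staysInSegment(episodeURL(id)))
	}
}
```

url.PathEscape is the right tool for a value that goes into a path segment; a value that goes into a query string should instead be placed via url.Values or url.QueryEscape, since the two escape different character sets. Note that PathEscape leaves "." untouched, so "../../admin" becomes "..%2F..%2Fadmin": the dots survive, but with the separators encoded the server sees one opaque segment rather than a traversal.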