Lucas Tesson

Results 44 comments of Lucas Tesson

> This could be easier to implement in Python, what about just rewriting ChopChop in Python for maintainability?

I don't see the point in re-writing it again in Python, Go...

A little dive into the code shows the issue is limited to `hidden`, even though https://github.com/CTFd/CTFd/blob/master/CTFd/api/v1/challenges.py#L104 shows it should be possible to filter with `None` by default. There also seems to...

By dissecting the code, it seems there is no obvious authentication: https://github.com/CTFd/CTFd/blob/master/CTFd/api/v1/notifications.py#L104, same for the `get` method.

Up @ColdHeat, don't know if you had time to check 🤗

By dissecting the code, there seems to be an undocumented behaviour enabling account takeover from an administrator. See https://github.com/CTFd/CTFd/blob/master/CTFd/schemas/tokens.py

> There could be options to only allow for reporting severity from certain sources and not others, or only report CVSS version X and not Y, etc. Remember (for second...

To help you implement this, and Go folks around here, I documented an efficient way to handle and verify CVSS vectors at https://github.com/pandatix/go-cvss#how-to-determine-cvss-version. As the idea here is to check...

The NVD now has official support for CVSS v4.0 (https://nvd.nist.gov/general/news/cvss-v4-0-official-support), so it may be a good time to re-evaluate this PR.

Hey, quick update on the latest implem that is supposed to close this issue.

## CVSS v2

Vector `AV:A/AC:L/Au:N/C:C/I:C/A:C/CDP:H/TD:H/CR:H` is parsed without returning an error despite it being invalid (missing...

Followup here before the review, there are still some issues.

## CVSS v2.0

For vector `AV:A/AC:L/Au:N/C:C/I:C/A:C/CDP:H/TD:H/CR:H` the current code did not raise an error, despite the documentation (Table 13) define...