A malicious actor may be able to extract a JWT token via a malicious "/command" request. This is a form of cross-site scripting (XSS).
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2024-2721" }
{ "imports": [ { "symbols": [ "NewServer", "httpController.sendCommandHandler" ], "path": "github.com/tiagorlampert/CHAOS/presentation/http" } ] }