
fix: security vulnerabilities (Trust scan 1eca2c38) #7078

Open
Jaden-JJH wants to merge 4 commits into expressjs:master from Jaden-JJH:trust-security/fix-1eca2c38

@Jaden-JJH

Security Fixes by Trust Security

Scan ID: 1eca2c38-8fe0-408c-bb63-6e3d296e91b4
Score: 83/100 (Grade B+)

Fixed Vulnerabilities (10)

  • [LOW] Unsafe Formatstring (CWE-134) (examples/search/index.js)
  • [MEDIUM] Express Cookie Session No Httponly (CWE-522) (examples/auth/index.js)
  • [MEDIUM] Express Cookie Session No Secure (CWE-522) (examples/auth/index.js)
  • [MEDIUM] Template Explicit Unescape (CWE-79) (examples/auth/views/login.ejs)
  • [MEDIUM] Express Cookie Session Default Name (CWE-522) (examples/auth/index.js)
  • [MEDIUM] Express Cookie Session No Domain (CWE-522) (examples/auth/index.js)
  • [MEDIUM] Express Session Hardcoded Secret (CWE-798) (examples/auth/index.js)
  • [MEDIUM] Direct Response Write (CWE-79) (examples/params/index.js)
  • [MEDIUM] Express Cookie Session No Expires (CWE-522) (examples/auth/index.js)
  • [MEDIUM] Express Cookie Session No Path (CWE-522) (examples/auth/index.js)

Generated by Trust Security

…sion No Secure (CWE-522), Express Cookie Session Default Name (CWE-522), Express Cookie Session No Domain (CWE-522), Express Session Hardcoded Secret (CWE-798), Express Cookie Session No Expires (CWE-522), Express Cookie Session No Path (CWE-522)