Audit Open Original ↗

CloudEvents

Type

Security review

Client

—

Date

2022-10

Domain

AppSec

Effort

4 wks

Section

Technology Product Reviews

Trail of Bits's security review of CloudEvents (Oct 2022) identified 7 issues: 1 informational, and 6 undetermined.

Findings · 7

1 [Java SDK] Reliance on default encoding Undetermined
2 [Java SDK] Outdated Vulnerable Dependencies Undetermined
3 [JavaScript SDK] Potential XSS in httpTransport() Undetermined
4 [Go SDK] Outdated Vulnerable Dependencies Undetermined
5 [Go SDK] Downcasting of 64-bit integer Undetermined
6 [Go SDK] ReadHeaderTimeout not configured Informational
7 [CSharp SDK] Outdated Vulnerable Dependencies Undetermined

Findings extracted from the published report PDF. See the full report below for details and remediation.

Open the PDF ↗

Related