Trail of Bits

Flux

Type: Security review
Client: OSTIF
Date: 2023-08
Domain: AppSec
Effort: 4 wks
Section: Technology Product Reviews

Trail of Bits's security review of Flux for OSTIF (Aug 2023) identified 10 issues: 3 low, 6 informational, and 1 undetermined.

Findings · 10

  1. SetExpiration does not set the expiration for the given key (Low)
  2. Inappropriate string trimming function (Informational)
  3. Go's default HTTP client uses a shared value that can be modified by other components (Low)
  4. Unhandled error value (Informational)
  5. Potential implicit memory aliasing in for loops (Informational)
  6. Directories created via os.MkdirAll are not checked for permissions (Informational)
  7. Directories and files created with overly lenient permissions (Informational)
  8. No restriction on minimum SSH RSA public key bit size (Informational)
  9. Flux macOS release binary susceptible to .dylib injection (Low)
  10. Path traversal in SecureJoin implementation (Undetermined)

Findings extracted from the published report PDF. See the full report below for details and remediation.