Skip to content

v1 empty can be triggered by anyone #1082

Description

@sebiboga

Current Security:
🚨 CRITICAL: The endpoint has NO authentication or authorization checks!

Anyone can call DELETE /v1/empty/
Only validates that the request method is DELETE
No API keys, tokens, or secret validation
No rate limiting
Public code on GitHub means anyone can call it

Metadata

Metadata

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions