Sensitive information such as API keys or passwords is hardcoded, exposing it to misuse.
Affected Code Sections: src/config/config.js (lines 10-12)
Details: API keys exposed in version control history.
Code Snippet:
Unauthorized access to third-party services and data leaks.
Remove hardcoded secrets; use environment variables or secret management tools (e.g., dotenv, AWS Secrets Manager).
Use .gitignore and Git hooks to prevent commits of sensitive information.
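One way a config module can read secrets from the environment instead of hardcoding them, shown as an added example rather than code from the audited repository. The variable names `PAYMENT_API_KEY` and `DB_PASSWORD` and the function `loadConfig` are hypothetical; in development the values could come from a `.env` file loaded by dotenv and listed in `.gitignore`.

```javascript
// Added example: hypothetical replacement for a config module with hardcoded keys.
// PAYMENT_API_KEY and DB_PASSWORD are assumed names, not taken from the audited repo.
const REQUIRED_SECRETS = ['PAYMENT_API_KEY', 'DB_PASSWORD'];

// Values that usually mean a template was copied without being filled in.
const PLACEHOLDER = /^(changeme|your[-_ ]?.*|xxx+|todo|<.*>)$/i;

function loadConfig(env = process.env) {
  const problems = [];
  const secrets = {};
  for (const name of REQUIRED_SECRETS) {
    const value = (env[name] || '').trim();
    if (!value) {
      problems.push(`${name} is not set`);
    } else if (PLACEHOLDER.test(value)) {
      problems.push(`${name} looks like a placeholder`);
    } else {
      secrets[name] = value;
    }
  }
  // Fail closed: refuse to start rather than fall back to a built-in default key.
  // The message names the variable only, never its value.
  if (problems.length > 0) {
    throw new Error(`Invalid secret configuration: ${problems.join('; ')}`);
  }
  const config = {
    paymentApiKey: secrets.PAYMENT_API_KEY,
    dbPassword: secrets.DB_PASSWORD,
    // Keep secret values out of logs when the object is serialized.
    toJSON() {
      return { paymentApiKey: '[redacted]', dbPassword: '[redacted]' };
    },
  };
  return Object.freeze(config);
}

// Export for CommonJS callers when available.
if (typeof module !== 'undefined' && module.exports) {
  module.exports = { loadConfig };
}
```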