Tag
#js
### Summary

The [`OrderAndPaginate`](https://github.com/0xjacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/model/model.go#L99C4) function is used to order and paginate data. It is defined as follows:

```go
func OrderAndPaginate(c *gin.Context) func(db *gorm.DB) *gorm.DB {
	return func(db *gorm.DB) *gorm.DB {
		// "order" comes straight from the query string (default "desc").
		sort := c.DefaultQuery("order", "desc")

		// "sort_by" is also taken from the query string (default "id");
		// both values are formatted into the ORDER BY clause unsanitized.
		order := fmt.Sprintf("`%s` %s", DefaultQuery(c, "sort_by", "id"), sort)
		db = db.Order(order)

		...
	}
}
```

By using [`DefaultQuery`](https://github.com/0xjacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/model/model.go#L278-L287), the `"desc"` and `"id"` values are used as defaults if the query parameters are not set. Thus, the `order` and `sort_by` query parameters are user-controlled and are appended to the `order` variable without any sanitization. The same happens with [`SortOrder`](https://github.com/0xjacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/model/model.go#L91), but it doesn...
Red Hat Security Advisory 2024-0107-03 - An update for nss is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-0106-03 - An update for nss is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2024-0105-03 - An update for nss is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-0101-03 - Red Hat build of Keycloak 22.0.8 is now available from the Customer Portal. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0100-03 - A security update is now available for Red Hat build of Keycloak 22.0.8 images running on OpenShift Container Platform. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0098-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0097-03 - A new image is available for Red Hat Single Sign-On 7.6.6, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0096-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 9. Issues addressed include an open redirection vulnerability.
Red Hat Security Advisory 2024-0095-03 - New Red Hat Single Sign-On 7.6.6 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include an open redirection vulnerability.