From c1d1ec1bb8ee6bee310f63df1190f81a652e63e4 Mon Sep 17 00:00:00 2001 From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com> Date: Mon, 30 Jun 2025 14:42:53 +0000 Subject: [PATCH] fix(security): autofix NoSQL injection attack possible --- routes/trackOrder.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routes/trackOrder.ts b/routes/trackOrder.ts index f11e83cba61..fc9dbcd1a8e 100644 --- a/routes/trackOrder.ts +++ b/routes/trackOrder.ts @@ -15,7 +15,7 @@ module.exports = function trackOrder () { const id = utils.disableOnContainerEnv() ? String(req.params.id).replace(/[^\w-]+/g, '') : req.params.id challengeUtils.solveIf(challenges.reflectedXssChallenge, () => { return utils.contains(id, '