[Security] Close cross scripting vulnerability (#21342)

* close vulnerability * add changelog
2025-02-16 15:47:21 +00:00 · 2024-06-17 12:54:37 -05:00 · 2024-06-17 12:54:37 -05:00 · c18c911ac8
commit c18c911ac8
parent 7a19d2e7a4
2 changed files with 4 additions and 1 deletions
--- a/.changelog/21342.txt
+++ b/.changelog/21342.txt
@ -0,0 +1,3 @@
+```release-note:security
+agent: removed reflected cross-site scripting vulnerability
+```
--- a/agent/kvs_endpoint.go
+++ b/agent/kvs_endpoint.go
@ -293,7 +293,7 @@ func conflictingFlags(resp http.ResponseWriter, req *http.Request, flags ...stri
 		if _, ok := params[conflict]; ok {
 			if found {
 				resp.WriteHeader(http.StatusBadRequest)
-				fmt.Fprint(resp, "Conflicting flags: "+params.Encode())
+				fmt.Fprintf(resp, "Conflicting flags: %v\n", params.Encode())
 				return true
 			}
 			found = true