Bug
In src/main/java/.../SecurityConfig.java:74, the endpoint POST /challenges/problems/seed is publicly accessible with .permitAll(). Any unauthenticated user can insert arbitrary problems into the database.
Impact
Unauthenticated data injection - anyone can pollute the problems database.
Fix
Require authentication (ROLE_USER or ADMIN) for the seed endpoint.
@ashish-066 Please assign me this issue under GSSOC 2026.
Bug
In
src/main/java/.../SecurityConfig.java:74, the endpointPOST /challenges/problems/seedis publicly accessible with.permitAll(). Any unauthenticated user can insert arbitrary problems into the database.Impact
Unauthenticated data injection - anyone can pollute the problems database.
Fix
Require authentication (ROLE_USER or ADMIN) for the seed endpoint.
@ashish-066 Please assign me this issue under GSSOC 2026.