Bug #34

closed

API Accepts Excessively Large Input Values Without Validation (Potential Resource Abuse)

Added by Vivek Kumar about 1 month ago. Updated 25 days ago.

Status: Closed
Priority: Normal
Assignee: -
Start date: 03/21/2026
Due date:
% Done: 100%
Estimated time:
Spent time:

Description

Description:
The /api/organizations/add endpoint accepts excessively large input values across multiple fields (e.g., address, city, name) without enforcing any size limits. This allows submission of very large payloads, which can impact performance and data integrity.

Steps to Reproduce:

  1. Send request to: POST /api/organizations/add
  2. Provide excessively large input (e.g., 1000–10,000+ characters) in fields such as:
     • address
     • city
     • name
  3. Submit the request

Expected Result:
API should:

  • Enforce maximum input length constraints
  • Reject excessively large payloads
  • Return validation error (e.g., 400 Bad Request)

Actual Result:

  • API accepts very large input values
  • Request succeeds without validation
  • Large data is stored/processed

NOTE: A request in Postman for reproduction of the issue.
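
The validation described under Expected Result could look like the following. This is an added example, not code from this project: the framework-free function, the limits in `FIELD_LIMITS` and `MAX_BODY_BYTES`, and the use of 413 for an oversized body are assumptions, since the report names the fields but not their intended sizes.

```python
import json

# Assumed limits; the report does not state the intended maximums.
MAX_BODY_BYTES = 16 * 1024
FIELD_LIMITS = {"name": 200, "address": 500, "city": 100}


def validate_org_payload(raw_body: bytes):
    """Return (http_status, errors) for a POST /api/organizations/add body."""
    # Cap the raw body before parsing so oversized input is never decoded.
    if len(raw_body) > MAX_BODY_BYTES:
        return 413, {"body": f"exceeds {MAX_BODY_BYTES} bytes"}
    try:
        data = json.loads(raw_body)
    except (ValueError, RecursionError):
        # Malformed JSON, bad encoding, or pathologically deep nesting.
        return 400, {"body": "invalid JSON"}
    if not isinstance(data, dict):
        return 400, {"body": "expected a JSON object"}

    errors = {}
    for field, limit in FIELD_LIMITS.items():
        value = data.get(field)
        if value is None:
            continue  # required-field rules are out of scope for this check
        if not isinstance(value, str):
            errors[field] = "must be a string"
        elif len(value) > limit:
            errors[field] = f"longer than {limit} characters"
    # Reject before anything is stored or processed.
    return (400, errors) if errors else (200, {})


if __name__ == "__main__":
    # Constructed sample requests, not taken from the attached Postman request.
    ok = json.dumps({"name": "Acme", "city": "Pune", "address": "1 Main St"}).encode()
    long_name = json.dumps({"name": "A" * 1000, "city": "Pune"}).encode()
    huge = json.dumps({"address": "A" * 20000}).encode()
    for body in (ok, long_name, huge):
        print(validate_org_payload(body))
```

The same limits should also be enforced at the storage layer (column lengths) and at the reverse proxy (request body size), so a missed handler does not reopen the issue.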



Actions #1

Updated by Adhi Narayanan 30 days ago

Actions #2

Updated by Vivek Kumar 25 days ago

  • Status changed from Resolved to Closed