From the review (https://github.com/v-code01/ledge/blob/main/AUDIT.md R-2). Only a first-party review exists (AUDIT.md). Engage an external auditor for the auth, multi-tenant isolation, untrusted-pack decode, and SSRF surfaces before hosting untrusted tenants. AUDIT.md is the threat model to hand them. Severity: High (for untrusted-multi-tenant use).
From the review (https://github.com/v-code01/ledge/blob/main/AUDIT.md R-2). Only a first-party review exists (AUDIT.md). Engage an external auditor for the auth, multi-tenant isolation, untrusted-pack decode, and SSRF surfaces before hosting untrusted tenants. AUDIT.md is the threat model to hand them. Severity: High (for untrusted-multi-tenant use).