At least two groups encountered a blank screen when accessing the treatment section of the location view. The issue started on UTC-5 23-08-04 11:38 and was proactively discovered 1.1 months (TTD) later by a developer who attempted to view treatments for a specific vulnerability. He encountered a white screen from the Platform and reported this through our internal channels [1]. He observed seven vulnerabilities across two groups with no corresponding evidence. The problem was resolved in 7 days (TTF), resulting in a total impact of 1.3 months (TTR).
Cause
The issue stemmed from the interpretation of the severity score in the treatments panel. Despite being intended as a number, it was typed as a string. Calling a string method on a value that was actually a number crashed with the error "c.startsWith is not a function", leading to a blank screen.
The values assigned to the variable href were converted from integer to string [3].
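A declared TypeScript type gives no guarantee about the value that arrives at runtime. The following is an added example, not the Platform's code: the row shape, function names and sample payload are assumptions. It shows an unchecked path failing with the startsWith error and a boundary check that coerces the value to a string, as the fix did for href.

```typescript
// Hypothetical row shape: the declared type promises a string.
interface TreatmentRow {
  href: string;
}

// Constructed sample payload: the first record carries a number at runtime.
const RAW = '[{"href": 7}, {"href": "https://example.test/vuln/1"}, {"href": null}]';

// Unsafe: the cast only silences the compiler; nothing is converted at runtime.
function parseUnchecked(raw: string): TreatmentRow[] {
  return JSON.parse(raw) as TreatmentRow[];
}

// Mirrors the failing call: a string method invoked on whatever arrived.
function isAbsoluteUnsafe(row: TreatmentRow): boolean {
  return row.href.startsWith("https://");
}

// Safe: validate at the boundary and coerce numbers to strings.
function parseChecked(raw: string): TreatmentRow[] {
  const data: unknown = JSON.parse(raw);
  if (!Array.isArray(data)) throw new TypeError("expected an array of rows");
  const rows: TreatmentRow[] = [];
  for (const item of data) {
    const value: unknown = (item as { href?: unknown } | null)?.href;
    if (typeof value === "string") rows.push({ href: value });
    else if (typeof value === "number" && Number.isFinite(value)) rows.push({ href: String(value) });
    // Anything else (null, objects) is dropped instead of reaching the renderer.
  }
  return rows;
}

// Returns the error message the unchecked path produces, or null if it succeeds.
function uncheckedFailure(raw: string): string | null {
  try {
    parseUnchecked(raw).forEach(isAbsoluteUnsafe);
    return null;
  } catch (err) {
    return err instanceof Error ? err.message : String(err);
  }
}
```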
The engineering team is still investigating why this data is received as an integer despite the intended typing. It may be related to how the Vite bundle interprets TypeScript code during bundling. Further efforts are underway to understand and rectify this incorrect typing to prevent similar issues in the future. NO_SPECIFIED