Code Security Finding: Expression Language Injection (CWE-917, High Severity) in OGNLExpressionInjectionServlet.java:35 #22
Code Security Finding
This finding was first detected on 2024-02-16 01:29pm GMT and is still present in the last scan performed on 2024-02-16 01:58pm GMT:
CWE-917
OGNLExpressionInjectionServlet.java:35
Vulnerable Code
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java
Lines 30 to 35 in f83166e
1 Data Flow/s detected
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java
Line 31 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java
Line 34 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java
Line 34 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java
Line 34 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java
Line 34 in f83166e
easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/OGNLExpressionInjectionServlet.java
Line 35 in f83166e
Secure Code Warrior Training Material
● Videos
● Further Reading
▪ OWASP Top Ten Proactive Controls 2018 C5: Validate All Inputs
▪ OWASP Injection Prevention Cheat Sheet in Java
▪ OWASP Input Validation Cheat Sheet
▪ OWASP Injection Prevention Cheat Sheet
▪ OWASP Top Ten 2021 A03: Injection