You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Code_Injection issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java in branch master
The application's setup method receives and dynamically executes user-controlled code using forName, at line 103 of src\main\java\org\cysecurity\cspf\jvl\controller\Install.java. This could enable an attacker to inject and run arbitrary code.
The attacker can inject the executed code via user input, ""jdbcdriver"", which is retrieved by the application in the processRequest method, at line 49 of src\main\java\org\cysecurity\cspf\jvl\controller\Install.java.
Code_Injection issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java in branch master
The application's setup method receives and dynamically executes user-controlled code using forName, at line 103 of src\main\java\org\cysecurity\cspf\jvl\controller\Install.java. This could enable an attacker to inject and run arbitrary code.
The attacker can inject the executed code via user input, ""jdbcdriver"", which is retrieved by the application in the processRequest method, at line 49 of src\main\java\org\cysecurity\cspf\jvl\controller\Install.java.
Severity: High
CWE:94
Vulnerability details and guidance
Internal Guidance
Checkmarx
Lines: 55
Code (Line #55):
The text was updated successfully, but these errors were encountered: