
Vulnerability fix (powered by Mobb Autofixer) #7

Open
msant262 wants to merge 1 commit into develop from Mobb-fix-d9aa1

@msant262
Owner

Fix for SQL Injection in SqlInjectionLesson8.java done with the help of Mobb

@sonarqubecloud

Quality Gate failed

Failed conditions
1 Security Hotspot
E Reliability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

@msant262
Owner Author

Checkmarx One – Scan Summary & Details c2e0ec73-3daa-4063-8105-4be93a26875e

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| HIGH | CVE-2023-51775 | Maven-org.bitbucket.b_c:jose4j-0.7.6 | Vulnerable Package |
| HIGH | CVE-2023-5685 | Maven-org.jboss.xnio:xnio-api-3.8.0.Final | Vulnerable Package |
| HIGH | CVE-2024-22257 | Maven-org.springframework.security:spring-security-core-5.4.5 | Vulnerable Package |
| HIGH | CVE-2024-22259 | Maven-org.springframework:spring-web-5.3.4 | Vulnerable Package |
| MEDIUM | Client_Potential_XSS | /webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js: 107 | Attack Vector |
| MEDIUM | Client_Potential_XSS | /webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js: 106 | Attack Vector |
| MEDIUM | Client_Potential_XSS | /webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js: 105 | Attack Vector |
| MEDIUM | Client_Potential_XSS | /webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js: 107 | Attack Vector |
| MEDIUM | Client_Potential_XSS | /webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js: 106 | Attack Vector |
| MEDIUM | Client_Potential_XSS | /webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js: 105 | Attack Vector |
| LOW | Client_DOM_Open_Redirect | /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1203 | Attack Vector |
| LOW | Client_DOM_Open_Redirect | /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1203 | Attack Vector |
| LOW | Client_DOM_Open_Redirect | /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1215 | Attack Vector |
| LOW | Client_DOM_Open_Redirect | /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1203 | Attack Vector |
| LOW | Client_DOM_Open_Redirect | /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1211 | Attack Vector |
| LOW | Client_DOM_Open_Redirect | /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1203 | Attack Vector |
| LOW | Client_JQuery_Deprecated_Symbols | /webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js: 505 | Attack Vector |
| LOW | Client_JQuery_Deprecated_Symbols | /webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js: 332 | Attack Vector |

Fixed Issues

| Severity | Issue | Source File / Package |
|---|---|---|
| HIGH | SQL_Injection | /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java: 55 |
| HIGH | SQL_Injection | /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java: 55 |
| HIGH | SQL_Injection | /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java: 54 |
| HIGH | SQL_Injection | /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java: 54 |
