{"id":7902,"date":"2023-11-30T17:25:15","date_gmt":"2023-11-30T08:25:15","guid":{"rendered":"\/blog\/?p=7902"},"modified":"2023-11-30T18:15:39","modified_gmt":"2023-11-30T09:15:39","slug":"snyk-sast-%ea%b2%b0%ea%b3%bc-%ec%83%98%ed%94%8c","status":"publish","type":"post","link":"https:\/\/hasu0707.duckdns.org\/blog\/?p=7902","title":{"rendered":"[snyk] SAST \uacb0\uacfc \uc0d8\ud50c"},"content":{"rendered":"\n<p class=\"has-large-font-size\">Code<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"false\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">Testing D:\\0_tmp\\snyk\\webgoat1 ...\n\n \u2717 [Low] Sensitive Cookie in HTTPS Session Without 'Secure' Attribute\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WeakSessionID.java, line 208\n   Info: Cookie misses a call to setSecure. Set the Secure flag to true to protect the cookie from man-in-the-middle attacks.\n\n \u2717 [Low] Sensitive Cookie in HTTPS Session Without 'Secure' Attribute\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Challenge2Screen.java, line 171\n   Info: Cookie misses a call to setSecure. Set the Secure flag to true to protect the cookie from man-in-the-middle attacks.\n\n \u2717 [Low] Sensitive Cookie in HTTPS Session Without 'Secure' Attribute\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Challenge2Screen.java, line 192\n   Info: Cookie misses a call to setSecure. Set the Secure flag to true to protect the cookie from man-in-the-middle attacks.\n\n \u2717 [Low] Sensitive Cookie in HTTPS Session Without 'Secure' Attribute\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WeakAuthenticationCookie.java, line 144\n   Info: Cookie misses a call to setSecure. 
Set the Secure flag to true to protect the cookie from man-in-the-middle attacks.\n\n \u2717 [Low] Trust Boundary Violation\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/SQLInjection\/ViewProfile.java, line 86\n   Info: Unsanitized input from an HTTP parameter flows into setAttribute where it is used to modify the HTTP session object. This could result in mixing trusted and untrusted data in the same data structure, thus increasing the likelihood to mistakenly trust unvalidated data.\n\n \u2717 [Low] Trust Boundary Violation\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/SQLInjection\/Login.java, line 154\n   Info: Unsanitized input from an HTTP parameter flows into setAttribute where it is used to modify the HTTP session object. This could result in mixing trusted and untrusted data in the same data structure, thus increasing the likelihood to mistakenly trust unvalidated data.\n\n \u2717 [Low] Trust Boundary Violation\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/SQLInjection\/Login.java, line 196\n   Info: Unsanitized input from an HTTP parameter flows into setAttribute where it is used to modify the HTTP session object. This could result in mixing trusted and untrusted data in the same data structure, thus increasing the likelihood to mistakenly trust unvalidated data.\n\n \u2717 [Low] Trust Boundary Violation\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/CrossSiteScripting\/FindProfile.java, line 84\n   Info: Unsanitized input from an HTTP parameter flows into setAttribute where it is used to modify the HTTP session object. This could result in mixing trusted and untrusted data in the same data structure, thus increasing the likelihood to mistakenly trust unvalidated data.\n\n \u2717 [Low] Use of Password Hash With Insufficient Computational Effort\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Encoding.java, line 640\n   Info: The MD5 hash (used in java.security.MessageDigest.getInstance) is insecure. 
Consider changing it to a secure hash algorithm\n\n \u2717 [Low] Sensitive Cookie Without 'HttpOnly' Flag\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WeakSessionID.java, line 208\n   Info: Cookie misses a call to setHttpOnly. Set the HttpOnly flag to true to protect the cookie from possible malicious code on client side.\n\n \u2717 [Low] Sensitive Cookie Without 'HttpOnly' Flag\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Challenge2Screen.java, line 171\n   Info: Cookie misses a call to setHttpOnly. Set the HttpOnly flag to true to protect the cookie from possible malicious code on client side.\n\n \u2717 [Low] Sensitive Cookie Without 'HttpOnly' Flag\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Challenge2Screen.java, line 192\n   Info: Cookie misses a call to setHttpOnly. Set the HttpOnly flag to true to protect the cookie from possible malicious code on client side.\n\n \u2717 [Low] Sensitive Cookie Without 'HttpOnly' Flag\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WeakAuthenticationCookie.java, line 144\n   Info: Cookie misses a call to setHttpOnly. 
Set the HttpOnly flag to true to protect the cookie from possible malicious code on client side.\n\n \u2717 [Low] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Challenge2Screen.java, line 124\n   Info: Do not hardcode credentials in code.\n\n \u2717 [Low] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WeakAuthenticationCookie.java, line 93\n   Info: Do not hardcode credentials in code.\n\n \u2717 [Low] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WeakAuthenticationCookie.java, line 98\n   Info: Do not hardcode credentials in code.\n\n \u2717 [Low] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WeakAuthenticationCookie.java, line 104\n   Info: Do not hardcode credentials in code.\n\n \u2717 [Low] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WeakAuthenticationCookie.java, line 133\n   Info: Do not hardcode credentials in code.\n\n \u2717 [Low] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WeakAuthenticationCookie.java, line 137\n   Info: Do not hardcode credentials in code.\n\n \u2717 [Low] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WSDLScanning.java, line 146\n   Info: Do not hardcode credentials in code.\n\n \u2717 [Low] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/HtmlClues.java, line 83\n   Info: Do not hardcode credentials in code.\n\n \u2717 [Medium] Cleartext Transmission of Sensitive Information\n   Path: JavaSource\/org\/owasp\/webgoat\/util\/Interceptor.java, line 97\n   Info: Writing to an unencrypted socket is insecure - a man-in-the-middle attacker can tamper the messages. 
Consider using SSL sockets.\n\n \u2717 [Medium] Cleartext Transmission of Sensitive Information\n   Path: JavaSource\/org\/owasp\/webgoat\/util\/Interceptor.java, line 98\n   Info: Reading from an unencrypted socket is insecure - a man-in-the-middle attacker can tamper the messages. Consider using SSL sockets.\n\n \u2717 [Medium] Improper Neutralization of CRLF Sequences in HTTP Headers\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/HttpOnly.java, line 195\n   Info: Unsanitized input from cookies flows into setHeader and reaches an HTTP header returned to the user. This may allow a malicious input that contain CR\/LF to split the http response into two responses and the second response to be controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.\n\n \u2717 [Medium] Improper Neutralization of CRLF Sequences in HTTP Headers\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/HttpOnly.java, line 198\n   Info: Unsanitized input from cookies flows into setHeader and reaches an HTTP header returned to the user. This may allow a malicious input that contain CR\/LF to split the http response into two responses and the second response to be controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.\n\n \u2717 [Medium] Improper Neutralization of CRLF Sequences in HTTP Headers\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/HttpOnly.java, line 209\n   Info: Unsanitized input from cookies flows into setHeader and reaches an HTTP header returned to the user. This may allow a malicious input that contain CR\/LF to split the http response into two responses and the second response to be controlled by the attacker. 
This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.\n\n \u2717 [Medium] Improper Neutralization of CRLF Sequences in HTTP Headers\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/HttpOnly.java, line 212\n   Info: Unsanitized input from cookies flows into setHeader and reaches an HTTP header returned to the user. This may allow a malicious input that contain CR\/LF to split the http response into two responses and the second response to be controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.\n\n \u2717 [Medium] Improper Neutralization of CRLF Sequences in HTTP Headers\n   Path: JavaSource\/org\/owasp\/webgoat\/session\/WebSession.java, line 335\n   Info: Unsanitized input from cookies flows into addCookie and reaches an HTTP header returned to the user. This may allow a malicious input that contain CR\/LF to split the http response into two responses and the second response to be controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.\n\n \u2717 [Medium] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Challenge2Screen.java, line 153\n   Info: Do not hardcode passwords in code. Found hardcoded password used in equals.\n\n \u2717 [Medium] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/HtmlClues.java, line 83\n   Info: Do not hardcode passwords in code. Found hardcoded password used in equals.\n\n \u2717 [Medium] Use of Hardcoded Credentials\n   Path: JavaSource\/org\/owasp\/webgoat\/session\/CreateDB.java, line 72\n   Info: Do not hardcode passwords in code. Found hardcoded password used in here.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Challenge2Screen.java, line 220\n   Info: Unsanitized input from cookies flows into executeQuery, where it is used in an SQL query. 
This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/CrossSiteScripting\/UpdateProfile.java, line 248\n   Info: Unsanitized input from an HTTP parameter flows into executeUpdate, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/CrossSiteScripting\/UpdateProfile.java, line 340\n   Info: Unsanitized input from an HTTP parameter flows into executeUpdate, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/DOS_Login.java, line 134\n   Info: Unsanitized input from an HTTP parameter flows into executeUpdate, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/RoleBasedAccessControl\/UpdateProfile.java, line 295\n   Info: Unsanitized input from an HTTP parameter flows into executeUpdate, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/BackDoors.java, line 106\n   Info: Unsanitized input from an HTTP parameter flows into executeUpdate, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/SQLInjection\/ViewProfile.java, line 118\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. 
This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/SQLInjection\/ViewProfile.java, line 178\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/SQLInjection\/Login.java, line 149\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/SQLInjection\/Login.java, line 191\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/SqlNumericInjection.java, line 130\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/DOS_Login.java, line 114\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/RoleBasedAccessControl\/Login.java, line 148\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/BlindSqlInjection.java, line 122\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. 
This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/SqlStringInjection.java, line 112\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WsSqlInjection.java, line 240\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/admin\/ViewDatabase.java, line 89\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/ThreadSafetyProblem.java, line 103\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/RoleBasedAccessControl\/UpdateProfile.java, line 176\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] SQL Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/BackDoors.java, line 113\n   Info: Unsanitized input from an HTTP parameter flows into executeQuery, where it is used in an SQL query. This may result in an SQL Injection vulnerability.\n\n \u2717 [High] Path Traversal\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/admin\/SummaryReportCardScreen.java, line 89\n   Info: Unsanitized input from an HTTP parameter flows into java.io.FileInputStream, where it is used as a path. 
This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.\n\n \u2717 [High] Path Traversal\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/admin\/ReportCardScreen.java, line 164\n   Info: Unsanitized input from an HTTP parameter flows into java.io.FileInputStream, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.\n\n \u2717 [High] Path Traversal\n   Path: JavaSource\/org\/owasp\/webgoat\/util\/Interceptor.java, line 135\n   Info: Unsanitized input from the request URL flows into getRequestDispatcher, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.\n\n \u2717 [High] Command Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Challenge2Screen.java, line 649\n   Info: Unsanitized input from an HTTP parameter flows into exec, where it is used as a shell command. This may result in a Command Injection vulnerability.\n\n \u2717 [High] Command Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Challenge2Screen.java, line 654\n   Info: Unsanitized input from an HTTP parameter flows into exec, where it is used as a shell command. This may result in a Command Injection vulnerability.\n\n \u2717 [High] XML External Entity (XXE) Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/WsSAXInjection.java, line 179\n   Info: Unsanitized input from an HTTP parameter flows into parse, which allows expansion of external entity references. This may result in a XXE attack leading to the disclosure of confidential data or denial of service.\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/lessons\/SQLInjection\/SearchStaff.jsp, line 11\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. 
This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/lessons\/CrossSiteScripting\/ViewProfile.jsp, line 171\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/lessons\/CrossSiteScripting\/SearchStaff.jsp, line 11\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/lessons\/RoleBasedAccessControl\/SearchStaff.jsp, line 11\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/main.jsp, line 114\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/main.jsp, line 119\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/main.jsp, line 124\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. 
This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/main.jsp, line 130\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/main.jsp, line 135\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/main.jsp, line 163\n   Info: Unsanitized input from an HTTP parameter flows into print, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] Cross-site Scripting (XSS)\n   Path: WebContent\/main.jsp, line 191\n   Info: Unsanitized input from cookies flows into println, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\n\n \u2717 [High] XPath Injection\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/XPATHInjection.java, line 158\n   Info: Unsanitized input from an HTTP parameter flows into evaluate, where it is used in an XPath query. This may result in an XPath Injection vulnerability.\n\n \u2717 [High] Hardcoded Secret\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Encoding.java, line 487\n   Info: Hardcoded value array {...} is used as a cipher salt. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.\n\n \u2717 [High] Hardcoded Secret\n   Path: JavaSource\/org\/owasp\/webgoat\/lessons\/Encoding.java, line 531\n   Info: Hardcoded value array {...} is used as a cipher salt. 
Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.\n\n\n\u2714 Test completed\n\nOrganization:      esecuvali-8y3\nTest type:         Static code analysis\nProject path:      D:\\0_tmp\\snyk\\webgoat1\n\nSummary:\n\n  71 Code issues found\n  40 [High]   10 [Medium]   21 [Low]<\/pre>\n\n\n\n<p class=\"has-large-font-size\">Open Source<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"false\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">\nTesting D:\\0_tmp\\eCommerceWebsite...\n\nTested 31 dependencies for known issues, found 13 issues, 13 vulnerable paths.\n\n\nIssues to fix by upgrading:\n\n  Upgrade com.fasterxml.jackson.core:jackson-databind@2.11.2 to com.fasterxml.jackson.core:jackson-databind@2.12.7.1 to fix\n  \u2717 Denial of Service (DoS) [Medium Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.11.2\n    introduced by com.fasterxml.jackson.core:jackson-databind@2.11.2\n  \u2717 Denial of Service (DoS) [Medium Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.11.2\n    introduced by com.fasterxml.jackson.core:jackson-databind@2.11.2\n  \u2717 Denial of Service (DoS) [Medium Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.11.2\n    introduced by com.fasterxml.jackson.core:jackson-databind@2.11.2\n  \u2717 Denial of Service (DoS) [High Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.11.2\n    introduced by com.fasterxml.jackson.core:jackson-databind@2.11.2\n\n  Upgrade com.google.code.gson:gson@2.8.6 to 
com.google.code.gson:gson@2.8.9 to fix\n  \u2717 Deserialization of Untrusted Data [Medium Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-COMGOOGLECODEGSON-1730327] in com.google.code.gson:gson@2.8.6\n    introduced by com.google.code.gson:gson@2.8.6\n\n  Upgrade mysql:mysql-connector-java@5.1.45 to mysql:mysql-connector-java@8.0.28 to fix\n  \u2717 Improper Authorization [Medium Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-MYSQL-2386864] in mysql:mysql-connector-java@5.1.45\n    introduced by mysql:mysql-connector-java@5.1.45\n  \u2717 XML External Entity (XXE) Injection [Medium Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-MYSQL-1766958] in mysql:mysql-connector-java@5.1.45\n    introduced by mysql:mysql-connector-java@5.1.45\n  \u2717 Privilege Escalation [Medium Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-MYSQL-174574] in mysql:mysql-connector-java@5.1.45\n    introduced by mysql:mysql-connector-java@5.1.45\n  \u2717 Access Control Bypass [High Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-MYSQL-451464] in mysql:mysql-connector-java@5.1.45\n    introduced by mysql:mysql-connector-java@5.1.45\n\n  Upgrade org.hibernate:hibernate-core@5.4.10.Final to org.hibernate:hibernate-core@5.4.24.Final to fix\n  \u2717 SQL Injection [High Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGHIBERNATE-1041788] in org.hibernate:hibernate-core@5.4.10.Final\n    introduced by org.hibernate:hibernate-core@5.4.10.Final\n  \u2717 SQL Injection [High Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGHIBERNATE-584563] in org.hibernate:hibernate-core@5.4.10.Final\n    introduced by org.hibernate:hibernate-core@5.4.10.Final\n  \u2717 XML External Entity (XXE) Injection [High Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGDOM4J-565810] in org.dom4j:dom4j@2.1.1\n    introduced by org.hibernate:hibernate-core@5.4.10.Final > org.dom4j:dom4j@2.1.1\n\n\nIssues with no direct upgrade or patch:\n  \u2717 XML External Entity (XXE) 
Injection [High Severity][https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-JSTL-30453] in jstl:jstl@1.2\n    introduced by jstl:jstl@1.2\n  No upgrade or patch available\n\n\n\nOrganization:      esecuvali-8y3\nPackage manager:   maven\nTarget file:       pom.xml\nProject name:      com.team.hknp:eCommerceWebsite\nOpen source:       no\nProject path:      D:\\0_tmp\\eCommerceWebsite\nLicenses:          enabled<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Code Open Source<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","categories":[12],"tags":[],"class_list":["post-7902","post","type-post","status-publish","format-standard","hentry","category-computing_security"]}