[JAVA] CWE-706: Use of Incorrectly-Resolved Name or Reference & CWE-201: Exposure of Sensitive Information Through Sent Data #136
Comments
intrigus-lgtm
added
the
All For One
|
Hi @intrigus-lgtm. It looks like this one hasn't made any progress since last year. Is it ok if I drop it from our bounty pipeline for now? You can resubmit it when it's ready. |
kevinbackhouse
removed
the
All For One
|
Your submission is now in status Closed. For information, the evaluation workflow is the following: |
|
@kevinbackhouse can you please reopen this? |
|
Hi @intrigus-lgtm. I'm very sorry, but the bounty program has been sunset: #828. So, unfortunately, it is now too late for us to reopen this submission. I know you've been one of our top contributors, so I want to thank you for everything that you've done to help improve the CodeQL query suite. |
|
@kevinbackhouse I don't want to be too pedantic, but when I wrote the comment it was still the 24th of June somewhere on earth. I actually don't have too much of a problem with my "All-for-one" submission being closed iff you still consider my "Bug-slayer" submission valid. |
|
Hi @intrigus-lgtm. I'm sorry, but your submissions were still incomplete when our deadline expired on 2024-06-24. Unfortunately, you had not yet pushed the new version of the query and most of the details were still missing from #839. We want to be fair to all of our bounty participants, which means that we have to follow the rules that we wrote. |
CVE ID(s)
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
Report
Paths that can be influenced by users (= Directory traversal) where the content of the path is returned to the user or where user data is written to.
"Arbitrary read and write"
Query: github/codeql#3794
Result(s)
Provide at least one useful result found by your query, on some revision of a real project.
The text was updated successfully, but these errors were encountered: