CX SSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [refs/heads/master] #203

github-actions · 2022-03-14T18:35:27Z

SSRF issue exists @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java in branch refs/heads/master

The application sends a request to a remote server, for some resource, using dburl in src\main\java\org\cysecurity\cspf\jvl\controller\Install.java:112. However, an attacker can control the target of the request, by sending a URL or other data in ""dburl"" at src\main\java\org\cysecurity\cspf\jvl\controller\Install.java:54.

Severity: Medium

CWE:918

Vulnerability details and guidance

Checkmarx

Training
Recommended Fix

Lines: 54 56 57 58

Code (Line #54):

        dburl = request.getParameter("dburl");

Code (Line #56):

        dbuser = request.getParameter("dbuser");

Code (Line #57):

        dbpass = request.getParameter("dbpass");

Code (Line #58):

        dbname = request.getParameter("dbname");

The text was updated successfully, but these errors were encountered:

github-actions · 2022-03-14T19:51:18Z

Issue still exists.

github-actions bot closed this as completed Mar 14, 2022

github-actions bot reopened this Mar 14, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX SSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [refs/heads/master] #203

CX SSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [refs/heads/master] #203

github-actions bot commented Mar 14, 2022 •

edited

Loading

github-actions bot commented Mar 14, 2022

CX SSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [refs/heads/master] #203

CX SSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [refs/heads/master] #203

Comments

github-actions bot commented Mar 14, 2022 • edited Loading

github-actions bot commented Mar 14, 2022

github-actions bot commented Mar 14, 2022 •

edited

Loading