KDWSS / Java-Demo-2

Apache License 2.0

Code Security Report: 17 high severity findings, 58 total findings #32

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

Code Security Report

Scan Metadata

- Latest Scan: 2023-07-12 09:27pm
- Total Findings: 58 | New Findings: 0 | Resolved Findings: 0
- Tested Project Files: 102
- Detected Programming Languages: 1 (Java)

Most Relevant Findings

The below list presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

| Severity | Vulnerability Type | CWE | File | Data Flows | Date |
|---|---|---|---|---|---|
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SQLInjectionServlet.java:69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69) | 3 | 2023-07-05 01:49pm |
| High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [NullByteInjectionServlet.java:46](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L46) | 1 | 2023-07-05 01:49pm |
| High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [UnrestrictedExtensionUploadServlet.java:84](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L84) | 1 | 2023-07-05 01:49pm |
| High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [UnrestrictedSizeUploadServlet.java:84](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L84) | 1 | 2023-07-05 01:49pm |
| High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [MailHeaderInjectionServlet.java:133](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L133) | 1 | 2023-07-05 01:49pm |
| High | File Manipulation | [CWE-73](https://cwe.mitre.org/data/definitions/73.html) | [MailHeaderInjectionServlet.java:142](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L142) | 1 | 2023-07-05 01:49pm |
| High | File Manipulation | [CWE-73](https://cwe.mitre.org/data/definitions/73.html) | [MultiPartFileUtils.java:38](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L38) | 4 | 2023-07-05 01:49pm |
| High | Code Injection | [CWE-94](https://cwe.mitre.org/data/definitions/94.html) | [CodeInjectionServlet.java:65](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L65) | 1 | 2023-07-05 01:49pm |
| High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [UnrestrictedExtensionUploadServlet.java:135](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L135) | 1 | 2023-07-05 01:49pm |
| High | Path/Directory Traversal | [CWE-22](https://cwe.mitre.org/data/definitions/22.html) | [UnrestrictedSizeUploadServlet.java:127](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L127) | 1 | 2023-07-05 01:49pm |

Data flow details (each step links to the source line the scanner traced, from the point where untrusted input enters to the sink):

1. SQL Injection, SQLInjectionServlet.java:69 (3 data flows detected)
   - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L64-L69
   - Data flow 1: [L28](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L28) → [L28](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L28) → [L45](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L45) → [L60](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L60) → [L69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69)
   - Data flow 2: [L28](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L28) → [L28](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L28) → [L45](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L45) → [L60](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L60) → [L69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69) → [L69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69)
   - Data flow 3: [L28](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L28) → [L28](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L28) → [L39](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L39) → [L45](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L45) → [L60](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L60) → [L69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69) → [L69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/SQLInjectionServlet.java#L69)

2. Path/Directory Traversal, NullByteInjectionServlet.java:46 (1 data flow detected)
   - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L41-L46
   - Data flow 1: [L35](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L35) → [L35](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L35) → [L40](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L40) → [L46](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java#L46)

3. Path/Directory Traversal, UnrestrictedExtensionUploadServlet.java:84 (1 data flow detected)
   - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L79-L84
   - Data flow 1: [UnrestrictedExtensionUploadServlet.java L69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69) → [L69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69) → [MultiPartFileUtils.java L57](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57) → [L59](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59) → [UnrestrictedExtensionUploadServlet.java L76](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76) → [L84](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L84)

4. Path/Directory Traversal, UnrestrictedSizeUploadServlet.java:84 (1 data flow detected)
   - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L79-L84
   - Data flow 1: [UnrestrictedSizeUploadServlet.java L70](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70) → [L70](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70) → [MultiPartFileUtils.java L57](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57) → [L59](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59) → [UnrestrictedSizeUploadServlet.java L71](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71) → [L84](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L84)

5. Path/Directory Traversal, MailHeaderInjectionServlet.java:133 (1 data flow detected)
   - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L128-L133
   - Data flow 1: [MailHeaderInjectionServlet.java L125](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L125) → [L125](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L125) → [MultiPartFileUtils.java L57](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57) → [L59](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59) → [MailHeaderInjectionServlet.java L127](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L127) → [L133](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L133)

6. File Manipulation, MailHeaderInjectionServlet.java:142 (1 data flow detected)
   - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L137-L142
   - Data flow 1: [L141](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/MailHeaderInjectionServlet.java#L141)

7. File Manipulation, MultiPartFileUtils.java:38 (4 data flows detected)
   - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L33-L38
   - Data flow 1: [L37](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L37)
   - Data flow 2: [L37](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L37)
   - Data flow 3: [L37](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L37)
   - [View more Data Flows](https://saas.mend.io/sast/#/scans/359ea68c-1334-4558-ada3-4dccb6ada1ab/details?vulnId=4f62b182-e897-4384-b29a-afddd3f631e3&filtered=yes)

8. Code Injection, CodeInjectionServlet.java:65 (1 data flow detected)
   - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L60-L65
   - Data flow 1: [L25](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L25) → [L25](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L25) → [L44](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L44) → [L45](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L45) → [L46](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L46) → [L47](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L47) → [L61](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L61) → [L65](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/CodeInjectionServlet.java#L65)

9. Path/Directory Traversal, UnrestrictedExtensionUploadServlet.java:135 (1 data flow detected)
   - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L130-L135
   - Data flow 1: [UnrestrictedExtensionUploadServlet.java L69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69) → [L69](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L69) → [MultiPartFileUtils.java L57](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57) → [L59](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59) → [UnrestrictedExtensionUploadServlet.java L76](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L76) → [L84](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L84) → [L106](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L106) → [L135](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedExtensionUploadServlet.java#L135)

10. Path/Directory Traversal, UnrestrictedSizeUploadServlet.java:127 (1 data flow detected)
    - More info: https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L122-L127
    - Data flow 1: [UnrestrictedSizeUploadServlet.java L70](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70) → [L70](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L70) → [MultiPartFileUtils.java L57](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L57) → [L59](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/core/utils/MultiPartFileUtils.java#L59) → [UnrestrictedSizeUploadServlet.java L71](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L71) → [L84](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L84) → [L111](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L111) → [L127](https://github.com/KDWSS/Java-Demo-2/blob/c55ae1916945180b2c804dd1bf69875e3152901a/src/main/java/org/t246osslab/easybuggy/vulnerabilities/UnrestrictedSizeUploadServlet.java#L127)

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| High | Code Injection | CWE-94 | Java | 1 |
| High | File Manipulation | CWE-73 | Java | 3 |
| High | Cross-Site Scripting | CWE-79 | Java | 2 |
| High | Path/Directory Traversal | CWE-22 | Java | 9 |
| High | Server Side Request Forgery | CWE-918 | Java | 1 |
| High | SQL Injection | CWE-89 | Java | 1 |
| Medium | Error Messages Information Exposure | CWE-209 | Java | 15 |
| Medium | Trust Boundary Violation | CWE-501 | Java | 5 |
| Medium | Weak Pseudo-Random | CWE-338 | Java | 2 |
| Medium | Heap Inspection | CWE-244 | Java | 5 |
| Low | HTTP Header Injection | CWE-113 | Java | 1 |
| Low | Session Poisoning | CWE-20 | Java | 5 |
| Low | Unvalidated/Open Redirect | CWE-601 | Java | 5 |
| Low | Log Forging | CWE-117 | Java | 3 |