NormanWenzelWSS / WebGoat

WebGoat is a deliberately insecure application
https://owasp.org/www-project-webgoat/

Code Security Report for project "SubProject 1": 24 high severity findings, 38 total findings - autoclosed #39

Closed dev-mend-for-github-com[bot] closed 1 year ago

dev-mend-for-github-com[bot] commented 1 year ago

Code Security Report for project "SubProject 1"

Scan Metadata

Latest Scan: 2023-07-17 04:21pm

Total Findings: 38 | New Findings: 2 | Resolved Findings: 2

Project Directory: /webgoat-server

Tested Project Files: 412

Detected Programming Languages: 2 (JavaScript / Node.js, Java*)

Most Relevant Findings

The below list presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

| Severity | Vulnerability Type | CWE | File | Data Flows | Date |
|---|---|---|---|---|---|
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson5b.java:71](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java#L71) | 1 | 2023-07-04 09:25am |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionChallenge.java:65](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java#L65) | 1 | 2023-07-04 09:25am |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Servers.java:71](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java#L71) | 1 | 2023-07-04 09:25am |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson4.java:63](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java#L63) | 1 | 2023-07-04 09:25am |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson2.java:62](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java#L62) | 1 | 2023-07-04 09:25am |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Assignment5.java:60](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java#L60) | 1 | 2023-07-04 09:25am |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson9.java:66](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java#L66) | 1 | 2023-07-04 09:25am |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson3.java:65](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java#L65) | 1 | 2023-07-04 09:25am |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson6a.java:67](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java#L67) | 3 | 2023-07-04 09:25am |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson5.java:72](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java#L72) | 1 | 2023-07-04 09:25am |

SqlInjectionLesson5b.java:71: More info [L66-L71](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java#L66-L71). 1 Data Flow/s detected. Data Flow 1: SqlInjectionLesson5b.java L51, L52, L55, L56, L58, L58, L71.

SqlInjectionChallenge.java:65: More info [L60-L65](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java#L60-L65). 1 Data Flow/s detected. Data Flow 1: SqlInjectionChallenge.java L56, L63, L65.

Servers.java:71: More info [L66-L71](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java#L66-L71). 1 Data Flow/s detected. Data Flow 1: Servers.java L67, L71, L71.

SqlInjectionLesson4.java:63: More info [L58-L63](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java#L58-L63). 1 Data Flow/s detected. Data Flow 1: SqlInjectionLesson4.java L56, L57, L60, L63.

SqlInjectionLesson2.java:62: More info [L57-L62](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java#L57-L62). 1 Data Flow/s detected. Data Flow 1: SqlInjectionLesson2.java L55, L56, L59, L62.

Assignment5.java:60: More info [L55-L60](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java#L55-L60). 1 Data Flow/s detected. Data Flow 1: Assignment5.java L52, L60, L60.

SqlInjectionLesson9.java:66: More info [L61-L66](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java#L61-L66). 1 Data Flow/s detected. Data Flow 1: SqlInjectionLesson9.java L55, L56, L59, L61, L65; SqlInjectionLesson8.java L128; SqlInjectionLesson9.java L65, L66.

SqlInjectionLesson3.java:65: More info [L60-L65](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java#L60-L65). 1 Data Flow/s detected. Data Flow 1: SqlInjectionLesson3.java L56, L57, L60, L65.

SqlInjectionLesson6a.java:67: More info [L62-L67](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java#L62-L67). 3 Data Flow/s detected. Data Flow 1: SqlOnlyInputValidation.java L48, L52; SqlInjectionLesson6a.java L56, L60, L67. Data Flow 2: SqlInjectionLesson6a.java L51, L52, L56, L60, L67. Data Flow 3: SqlOnlyInputValidationOnKeywords.java L48, L49, L49, L49, L49, L49, L53; SqlInjectionLesson6a.java L56, L60, L67.

SqlInjectionLesson5.java:72: More info [L67-L72](https://github.com/NormanWenzelWSS/WebGoat/blob/88189ca8104be41cc06551e57af7b9923a12e94b/webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java#L67-L72). 1 Data Flow/s detected. Data Flow 1: SqlInjectionLesson5.java L65, L66, L69, L72.

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| High | Path/Directory Traversal | CWE-22 | Java* | 6 |
| High | DOM Based Cross-Site Scripting | CWE-79 | JavaScript / Node.js | 1 |
| High | Deserialization of Untrusted Data | CWE-502 | Java* | 1 |
| High | SQL Injection | CWE-89 | Java* | 14 |
| High | Server Side Request Forgery | CWE-918 | Java* | 2 |
| Medium | XML External Entity (XXE) Injection | CWE-611 | Java* | 1 |
| Medium | Hardcoded Password/Credentials | CWE-798 | Java* | 3 |
| Medium | Error Messages Information Exposure | CWE-209 | Java* | 5 |
| Medium | Weak Pseudo-Random | CWE-338 | JavaScript / Node.js | 2 |
| Low | Log Forging | CWE-117 | Java* | 1 |
| Low | System Properties Disclosure | CWE-497 | Java* | 1 |
| Low | Weak Hash Strength | CWE-328 | Java* | 1 |