RobertMickleCx / NodeGoat

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
https://www.owasp.org/index.php/Projects/OWASP_Node_js_Goat_Project
Apache License 2.0

Code_Injection @ contributions.js #451

Open RobertMickleCx opened 1 year ago

RobertMickleCx commented 1 year ago

Code_Injection issue exists @ contributions.js in branch master

The application's Lambda method receives and dynamically executes user-controlled code using roth, at line 34 of /app/routes/contributions.js. This could enable an attacker to inject and run arbitrary code.

The attacker can inject the executed code via user input, roth, which is retrieved by the application in the Lambda method, at line 34 of /app/routes/contributions.js.

Namespace: RobertMickleCx
Repository: NodeGoat
Repository Url: https://github.com/RobertMickleCx/NodeGoat
CxAST-Project: RobertMickleCx/NodeGoat
CxAST platform scan: 421abb05-2701-4c6b-8cb3-89f91b91b3aa
Branch: master
Application: NodeGoat
Severity: HIGH
State: TO_VERIFY
Status: RECURRENT
CWE: 94
Lines: 32 33 34

