endpointlabs / VulnerableDotNetCore3Project

.Net Core 3.0
0 stars 0 forks source link

CVE-2021-3121 | github.com/gogo/protobuf:v1.3.0 (CWE-20) #35

Open cbilgin23 opened 2 years ago

cbilgin23 commented 2 years ago

Due Date: 2022-09-26

A high severity vulnerability has been discovered in your project.

Project Name: test

Scanner Name: dependabot

Cwe ID: 20

Cwe Name: Improper Input Validation

Cwe Link: https://cwe.mitre.org/data/definitions/20.html

File: go.sum

Packages:

References:

Training(Secure Code Warrior):


Tool Description: Summary: Improper Input Validation in GoGo Protobuf. Description: An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

Custom Description: test

Kondukto Link: http://80.kondukto.local/projects/633187358347f9f0ec5b40e9/vulns/appsec?page=1&perPage=15&id=in:6331876d8347f9f0ec5b410a