Tool Description: Summary: Improper Input Validation in GoGo Protobuf.
Description: An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.
Due Date: 2022-09-30
A high severity vulnerability has been discovered in your project.
Project Name: test
Scanner Name: dependabot
Cwe ID: 20
Cwe Name: Improper Input Validation
Cwe Link: https://cwe.mitre.org/data/definitions/20.html
File: go.sum
Packages:
References:
Training(Secure Code Warrior):
Name: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Description: The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection
Videos:
Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Link: https://portal.securecodewarrior.com/?utm_source=partner-integration:kondukto#/contextual-microlearning/web/injection/sql/go/vanilla
Videos:
Kondukto Link: http://80.kondukto.local/projects/6331ad74ef14f4953e572991/vulns/appsec?page=1&perPage=15&id=in:63369976ac49fe7403108cf8