gwhittemore-veracode / Veracode-GW-Training-demo


Improper Neutralization of CRLF Sequences ('CRLF Injection') [VID:93:com/veracode/verademo/controller/UserController.java:433] #82

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/blob/2add22ec1b5a85a51e5134a9af33bf2e99488d44/com/veracode/verademo/controller/UserController.java#L428-L438

Filename: com/veracode/verademo/controller/UserController.java

Line: 433

CWE: 93 (Improper Neutralization of CRLF Sequences ('CRLF Injection'))

This call to javax.mail.Message.setSubject() contains a CRLF injection flaw. Writing untrusted input to an interface or external application that treats the CRLF (carriage return line feed) sequence as a delimiter to separate lines or records can result in that data being misinterpreted. The first argument to setSubject() contains tainted data. The tainted data originated from earlier calls to AnnotationVirtualController.vc_annotation_entry, and java.sql.Statement.executeQuery. Sanitize CRLF sequences from untrusted input. References: CWE, OWASP, Supported Cleansers.

github-actions[bot] commented 2 years ago

Veracode issue link to PR: https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/pull/7

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/gwhittemore-veracode/Veracode-GW-Training-demo/pull/174