CWE: 93 (Improper Neutralization of CRLF Sequences ('CRLF Injection'))
This call to javax.mail.Message.setSubject() contains a CRLF injection flaw. Writing untrusted input to an interface or external application that treats the CRLF (carriage return line feed) sequence as a delimiter to separate lines or records can result in that data being misinterpreted. The first argument to setSubject() contains tainted data. The tainted data originated from earlier calls to AnnotationVirtualController.vc_annotation_entry, and java.sql.Statement.executeQuery. Sanitize CRLF sequences from untrusted input. References: CWE, OWASP, Supported Cleansers
https://github.com/gwhittemore-veracode/Veracode-GW-training/blob/3e6598b8340cfd817470866404f9c90179a22e60/com/veracode/verademo/controller/UserController.java#L428-L438
Filename: com/veracode/verademo/controller/UserController.java
Line: 433