julz0815 / test-action


Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') [VID:95:WEB-INF/views/login.jsp:33] #828

Open github-actions[bot] opened 5 months ago

github-actions[bot] commented 5 months ago

https://github.com/julz0815/test-action/blob/37a01908151c347054c82f620f4aee87f09d0b4d/WEB-INF/views/login.jsp#L28-L38

Filename: WEB-INF/views/login.jsp

Line: 33

CWE: 95 (Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'))

This call to eval() contains untrusted input or potentially untrusted data. If this input could be modified by an attacker, arbitrary JS code could be executed. Validate all untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. In general, avoid executing code derived from untrusted input. References: CWE

github-actions[bot] commented 5 months ago

Veracode issue link to PR: https://github.com/julz0815/test-action/pull/809

github-actions[bot] commented 5 months ago

Veracode issue link to PR: https://github.com/julz0815/test-action/pull/829

github-actions[bot] commented 5 months ago

Veracode issue link to PR: https://github.com/julz0815/test-action/pull/830
