Code Security Report: 3 high severity findings, 16 total findings

[mend-for-github-com[bot]]

Code Security Report

Scan Metadata

Latest Scan: 2023-11-22 01:26pm Total Findings: 16 | New Findings: 0 | Resolved Findings: 0 Tested Project Files: 49 Detected Programming Languages: 1 (JavaScript / Node.js)

• [ ] Check this box to manually trigger a scan

Most Relevant Findings

The below list presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	Code Injection	[CWE-94](https://cwe.mitre.org/data/definitions/94.html)	[contributions.js:34](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L34)	2	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L29-L34 2 Data Flow/s detected View Data Flow 1 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L34 View Data Flow 2 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L34 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L34 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L34
High	Code Injection	[CWE-94](https://cwe.mitre.org/data/definitions/94.html)	[contributions.js:33](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L33)	2	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L28-L33 2 Data Flow/s detected View Data Flow 1 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L33 View Data Flow 2 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L33 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L33 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L33
High	Code Injection	[CWE-94](https://cwe.mitre.org/data/definitions/94.html)	[contributions.js:32](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L32)	2	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L27-L32 2 Data Flow/s detected View Data Flow 1 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L32 View Data Flow 2 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L32 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L32 https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/contributions.js#L32
Medium	Weak Pseudo-Random	[CWE-338](https://cwe.mitre.org/data/definitions/338.html)	[user-dao.js:53](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/data/user-dao.js#L53)	1	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/data/user-dao.js#L53
Medium	Weak Pseudo-Random	[CWE-338](https://cwe.mitre.org/data/definitions/338.html)	[user-dao.js:52](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/data/user-dao.js#L52)	1	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/data/user-dao.js#L52
Medium	Weak Pseudo-Random	[CWE-338](https://cwe.mitre.org/data/definitions/338.html)	[user-dao.js:51](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/data/user-dao.js#L51)	1	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/data/user-dao.js#L51
Medium	Weak Pseudo-Random	[CWE-338](https://cwe.mitre.org/data/definitions/338.html)	[session.js:17](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/session.js#L17)	1	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/session.js#L17
Medium	Weak Pseudo-Random	[CWE-338](https://cwe.mitre.org/data/definitions/338.html)	[session.js:16](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/session.js#L16)	1	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/app/routes/session.js#L16
Medium	Weak Pseudo-Random	[CWE-338](https://cwe.mitre.org/data/definitions/338.html)	[db-reset.js:114](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/artifacts/db-reset.js#L114)	1	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/artifacts/db-reset.js#L114
Medium	Weak Pseudo-Random	[CWE-338](https://cwe.mitre.org/data/definitions/338.html)	[db-reset.js:113](https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/artifacts/db-reset.js#L113)	1	2023-11-22 01:26pm
Vulnerable Code https://github.com/samq-ghdemo/NodeGoat/blob/1958aa63d87eece9a74209eb07446e884d47ae49/artifacts/db-reset.js#L113

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Code Injection	CWE-94	JavaScript / Node.js	3
Medium	Weak Pseudo-Random	CWE-338	JavaScript / Node.js	8
Medium	Hardcoded Password/Credentials	CWE-798	JavaScript / Node.js	4
Low	Unvalidated/Open Redirect	CWE-601	JavaScript / Node.js	1