CWE: 943 (Improper Neutralization of Special Elements in Data Query Logic)
This NoSQL API call contains an injection flaw. In the call or reference to mongodb.Collection.insert, the application executes an operation designed to manipulate data in the database, but part of that query is constructed from untrusted data. An attacker could exploit this flaw to modify arbitrary data inside the database or replace a query value to bypass authentication or access unauthorized data. Avoid passing user-generated data to queries outside of data fields. Ensure that query values are validated to authorize the requesting user before accessing the data.
References: CWE
Don't know how to fix this? Don't know why this was reported? Get Assistance from Veracode
https://github.com/tsaekaoOrg/nodegoat/blob/94315c5421ccfc8451501ccc4c679d6e99004688/app/routes/memos.js#L6-L16
Filename: app/routes/memos.js
Line: 11