vital-ws / JS-WebGoat

WebGoat is a deliberately insecure application
https://owasp.org/www-project-webgoat/

Code Security Report: 25 high severity findings, 134 total findings #27

Open mend-for-github-com[bot] opened 1 year ago

Code Security Report

Scan Metadata

Latest Scan: 2023-06-21 02:31pm
Total Findings: 134 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 424
Detected Programming Languages: 2 (Java, JavaScript / Node.js)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

| Severity | Vulnerability Type | CWE | File | Data Flows | Date |
|---|---|---|---|---|---|
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson5b.java:58](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L58) | 1 | 2023-06-21 02:30pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson3.java:65](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java#L65) | 2 | 2023-06-21 02:30pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Assignment5.java:59](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L59) | 2 | 2023-06-21 02:30pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson10.java:63](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java#L63) | 1 | 2023-06-21 02:30pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson6a.java:65](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L65) | 3 | 2023-06-21 02:30pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [Servers.java:72](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/Servers.java#L72) | 1 | 2023-06-21 02:30pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson5a.java:62](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java#L62) | 3 | 2023-06-21 02:30pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson9.java:66](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson9.java#L66) | 4 | 2023-06-21 02:30pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson8.java:66](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson8.java#L66) | 4 | 2023-06-21 02:30pm |
| High | SQL Injection | [CWE-89](https://cwe.mitre.org/data/definitions/89.html) | [SqlInjectionLesson4.java:63](https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java#L63) | 2 | 2023-06-21 02:30pm |

Data flow details per finding. Every file link points at commit 19d18aa6f0ac4b73ca895c59752440e1ee726f1c of vital-ws/JS-WebGoat under src/main/java/org/owasp/webgoat/lessons/; each data flow is listed as the sequence of source lines it passes through (source to sink), within the named file unless another file is given.

SqlInjectionLesson5b.java:58
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5b.java#L53-L58
1 data flow detected
Data flow 1: L52 -> L52 -> L55 -> L56 -> L58

SqlInjectionLesson3.java:65
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson3.java#L60-L65
2 data flows detected
Data flow 1: L65
Data flow 2: L57 -> L57 -> L60 -> L65

Assignment5.java:59 (challenges/challenge5)
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/challenges/challenge5/Assignment5.java#L54-L59
2 data flows detected
Data flow 1: L59
Data flow 2: L59

SqlInjectionLesson10.java:63
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson10.java#L58-L63
1 data flow detected
Data flow 1: L53 -> L53 -> L56 -> L58 -> L63

SqlInjectionLesson6a.java:65 (sql_injection/advanced)
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/advanced/SqlInjectionLesson6a.java#L60-L65
3 data flows detected
Data flow 1: L52 -> L52 -> L56 -> L60 -> L65
Data flow 2: sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java L53 -> L53, then SqlInjectionLesson6a.java L56 -> L60 -> L65
Data flow 3: sql_injection/mitigation/SqlOnlyInputValidation.java L52 -> L52, then SqlInjectionLesson6a.java L56 -> L60 -> L65

Servers.java:72 (sql_injection/mitigation)
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/mitigation/Servers.java#L67-L72
1 data flow detected
Data flow 1: L72

SqlInjectionLesson5a.java:62
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson5a.java#L57-L62
3 data flows detected
Data flow 1: L54 -> L54 -> L57 -> L60 -> L62
Data flow 2: L54 -> L54 -> L57 -> L60 -> L62
Data flow 3: L54 -> L54 -> L57 -> L60 -> L62

SqlInjectionLesson9.java:66
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson9.java#L61-L66
4 data flows detected
Data flow 1: L61 -> L61 -> L66
Data flow 2: L61 -> L61 -> L66
Data flow 3: L56 -> L56 -> L59 -> L61 -> L66
[View more Data Flows](https://saas.whitesourcesoftware.com/sast/#/scans/ea61d0b6-994f-464c-a042-ef1a39c25927/details?vulnId=836499cd-f6bc-4e87-993c-7ce207616e77&filtered=yes)

SqlInjectionLesson8.java:66
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson8.java#L61-L66
4 data flows detected
Data flow 1: L60 -> L60 -> L66
Data flow 2: L60 -> L60 -> L66
Data flow 3: L55 -> L55 -> L58 -> L60 -> L66
[View more Data Flows](https://saas.whitesourcesoftware.com/sast/#/scans/ea61d0b6-994f-464c-a042-ef1a39c25927/details?vulnId=b897d786-e113-49ba-a2ef-a6fb3411be72&filtered=yes)

SqlInjectionLesson4.java:63
More info: https://github.com/vital-ws/JS-WebGoat/blob/19d18aa6f0ac4b73ca895c59752440e1ee726f1c/src/main/java/org/owasp/webgoat/lessons/sql_injection/introduction/SqlInjectionLesson4.java#L58-L63
2 data flows detected
Data flow 1: L63
Data flow 2: L57 -> L57 -> L60 -> L63

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| High | Deserialization of Untrusted Data | CWE-502 | Java | 2 |
| High | DOM Based Cross-Site Scripting | CWE-79 | JavaScript / Node.js | 1 |
| High | Cross-Site Scripting | CWE-79 | Java | 4 |
| High | Path/Directory Traversal | CWE-22 | Java | 5 |
| High | Server Side Request Forgery | CWE-918 | Java | 1 |
| High | SQL Injection | CWE-89 | Java | 12 |
| Medium | Error Messages Information Exposure | CWE-209 | Java | 47 |
| Medium | Hardcoded Password/Credentials | CWE-798 | Java | 10 |
| Medium | Console Output | CWE-209 | Java | 2 |
| Medium | Miscellaneous Dangerous Functions | CWE-676 | Java | 2 |
| Medium | XML External Entity (XXE) Injection | CWE-611 | Java | 1 |
| Medium | Weak Pseudo-Random | CWE-338 | Java | 9 |
| Medium | Weak Pseudo-Random | CWE-338 | JavaScript / Node.js | 2 |
| Medium | Heap Inspection | CWE-244 | Java | 33 |
| Low | Cookie Injection | CWE-20 | Java | 2 |
| Low | Weak Hash Strength | CWE-916 | Java | 1 |