Code Security Finding: Deserialization of Untrusted Data (CWE-502, High Severity) in Rce.java:114 #68

@joshn-whitesource-app

Code Security Finding

This finding was first detected on 2024-02-07 06:59pm GMT and is still present in the last scan performed on 2024-02-07 06:58pm GMT:

| Severity | Vulnerability Type | CWE | File | Data Flows |
|---|---|---|---|---|
| High | Deserialization of Untrusted Data | CWE-502 | Rce.java:114 | 1 |

Vulnerable Code

```java
import org.springframework.web.bind.annotation.GetMapping;
import org.yaml.snakeyaml.Yaml;

/**
 * @param content payloads
 */
@GetMapping("/vuln/yarm")
public void yarm(String content) {
    // Sink (CWE-502): the request parameter is parsed with a default SnakeYAML
    // Yaml instance, so untrusted input controls which classes get instantiated.
    Yaml y = new Yaml();
    y.load(content);
}
```

1 Data Flow/s detected
Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Deserialization of Untrusted Data Training

● Videos

   ▪ Secure Code Warrior Deserialization of Untrusted Data Video

● Further Reading

   ▪ OWASP Deserialization Cheat Sheet

   ▪ OWASP Top Ten 2017 A8: Insecure Deserialization

   ▪ OWASP Deserialization of untrusted data
