Potential SQL Injection with Turbine (SQL_INJECTION_TURBINE) Potential SQL/HQL Injection (Hibernate) (SQL_INJECTION_HIBERNATE) Potential SQL/JDOQL Injection (JDO) (SQL_INJECTION_JDO) Potential SQL/JPQL Injection (JPA) (SQL_INJECTION_JPA) Potential JDBC Injection (Spring JDBC) (SQL_INJECTION_SPRING_...
ZF2015-04: Potential CRLF injection attacks in mail and HTTP headers The CRLF Injection Attack (sometimes also referred to as HTTP Response Splitting) is a fairly simple, yet extremely powerful web attack. It has been reported in detail in "CWE-113 Improper Neutralization of CRLF Sequences in ...
Injection attacks exploit a variety of vulnerabilities to inject malicious user input that is then executed by a web application. Learn how the most common injection attacks work and what you can do to find and prevent injection vulnerabilities.
Closed Embed Semgrep Community Rule java.lang.security.audit.crlf-injection-logs.crlf-injection-logs Background and Rationale behind this Work As per https://gitlab.com/gitlab-org/gitlab/-/issues/425704 and https://gitlab.com/gitlab-org/gitlab/-/issues/425704 we are continuously working towa...
Here's a potential pitfall for forum admins especially, but also anyone who codes up a form with a dropdown selector but doesn't validate that the posted response was actually one of the available options. In college, I realized that the user's 'country' selector in phpBB had no such...
David Mas (Migrated from SEC-1790) said: AbstractAuthenticationTargetUrlRequestHandler#determineTargetUrl(HttpServletRequest, HttpServletResponse) calls URLDecoder.decode, and the result is directly fed to DefaultRedirectStrategy by def...
Heron versions <= 0.20.4-incubating allow CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating, which addresses this issue. Credit: The Apache Heron (Incubating) project would like to thank Bo Yu for bringing this matter to our...
Update from October 22nd, 2020: Cisco has become aware of a new Cisco Adaptive Security Appliance vulnerability that could affect the fixed releases recommended for code trains 9.13 and 9.14 in the Fixed Software section of this advisory. See the Cisco Adaptive Security Appliance Software SSL/...
python-aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082) rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies (CVE-2024-21647) rubygem-audited: Race condition can lead to audit logs being incorrectly attributed to the wrong...
Prevents rendering pages if a potential XSS reflection attack is detected. Hardening Prevent Sniff Mimetype middleware (X-Content-Type-Options) Tells browsers not to sniff MIME types. Hardening Reject unsafe HTTP methods Only allow the HTTP methods for which you, in fact, provide services. ...