Explore


Command Injection: Untrusted data in ProcessBuilder command

This call to ProcessBuilder#command contains untrusted input. Consider sanitizing the untrusted input.

  • error
  • java
  • security
  • Java basic
  • injection
Command Injection: Untrusted data in ProcessBuilder command - Add

This call to ProcessBuilder#command contains untrusted input. Consider sanitizing the untrusted input.

  • error
  • java
  • security
  • Java basic
  • injection
Data: Injection: Parameterize LDAP Filters: DirContext#search

Could lead to LDAP Injection

  • error
  • java
  • security
  • LDAP
  • injection
  • OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: 1st argument of type Constructor

Could lead to Remote Code Execution

  • error
  • java
  • security
  • basic protection set
  • injection
  • YAML
  • OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: arguments, but no Constructor argument

Could lead to Remote Code Execution

  • error
  • java
  • security
  • basic protection set
  • injection
  • YAML
  • OWASP Top 10
Injection: Avoid Code Injection: Use SafeConstructor: no arguments

Could lead to Remote Code Execution

  • error
  • java
  • security
  • basic protection set
  • injection
  • YAML
  • OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (PreparedStatement)

Could lead to SQL Injection

  • error
  • java
  • security
  • SEI CERT
  • basic protection set
  • injection
  • SQL
  • OWASP Top 10
Injection: Avoid SQL Injection: Use Parameterized Queries (Statement)

Could lead to SQL Injection

  • error
  • java
  • security
  • SEI CERT
  • basic protection set
  • injection
  • SQL
  • OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createNativeQuery

Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input

  • error
  • java
  • security
  • JPA
  • injection
  • SQL
  • OWASP Top 10
Injection - SQL Injection in JPA: EntityManager#createQuery

Avoid SQLi by using parameterized queries, instead of string concatenation with untrusted input

  • error
  • java
  • security
  • JPA
  • injection
  • SQL
  • OWASP Top 10
Input Validation: Avoid Expression Language Injection: Do not evaluate expressions controlled by user input (javax)

Could lead to Expression Language Injection

  • error
  • java
  • expression language
  • security
  • injection
  • OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: single parameter

Could lead to JDBC Injection

  • error
  • java
  • Spring
  • security
  • Spring Data
  • framework specific
  • injection
  • SQL
  • OWASP Top 10
Input Validation: Avoid JDBC Injection: Bind variables in prepared statements: Two parameters

Could lead to JDBC Injection

  • error
  • java
  • Spring
  • security
  • Spring Data
  • framework specific
  • injection
  • SQL
  • OWASP Top 10
Input Validation: Avoid Spring Expression Language Injection: Do not evaluate expressions controlled by user input (ExpressionParser)

Could lead to Spring Expression Language Injection

  • error
  • java
  • expression language
  • Spring
  • Spring Core
  • security
  • framework specific
  • injection
  • OWASP Top 10
MongoDB: _id NoSQL Injection

Do not use string concatenation in where filters

  • error
  • java
  • security
  • NoSQL
  • framework specific
  • MongoDB
  • injection
  • OWASP Top 10
Prevent CRLF injection in SLF4J

Encode untrusted data to prevent CRLF injection into the log files

  • marked_information
  • java
  • security
  • SLF4J
  • framework specific
  • logging
  • injection
Prevent CRLF injection in SLF4J using the Logstash Logback Encoder

Encode untrusted data to prevent CRLF injection into the log files

  • marked_information
  • java
  • security
  • SLF4J
  • framework specific
  • logging
  • injection
Regex Injection

Use Pattern#quote to include untrusted input in regexes.

  • error
  • java
  • security
  • SEI CERT
  • Java basic
  • injection
  • OWASP Top 10
SLF4J Logging: enforce usage of placeholders in the messages

Do not concatenate untrusted data into the message string; use placeholders ('{}') instead

  • marked_information
  • java
  • security
  • logging
  • injection
  • OWASP Top 10
  • SLF4J
  • framework specific
Spring Data Neo4jClient#query is vulnerable to injections

Spring Data Neo4jClient#query is vulnerable to injections

  • error
  • java
  • security
  • Neo4j
  • framework specific
  • OWASP Top 10
  • injection
  • Spring Data
SQL Injection: SQLiteDatabase#execSQL

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10
SQL Injection: SQLiteDatabase#query - 1st parameter

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10
SQL Injection: SQLiteDatabase#query - 2nd parameter

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10
SQL Injection: SQLiteDatabase#query - 3rd parameter

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10
SQL Injection: SQLiteDatabase#query - 5th parameter

This query could lead to SQL injection

  • error
  • java
  • security
  • framework specific
  • mobile
  • injection
  • Android
  • SQL
  • OWASP Top 10