
Update StartWebGoat.java #1

Status: Open. Wants to merge 1 commit into base: develop.

Conversation

SamHeadrickCx (Owner)

Thank you for submitting a pull request to WebGoat!

@SamHeadrickCx (Owner, Author)

Checkmarx AST – Scan Summary & Details (scan 4a8156aa-dc96-41df-8c2d-f59893f767e4)

CxAST Violation Summary

HIGH: 140
MEDIUM: 73
LOW: 60

CxAST Results

Severity Issue File / Package Scan Engine
HIGH CVE-2013-7285 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2016-1000027 Maven-org.springframework:spring-web-5.2.13.RELEASE CxSCA
HIGH CVE-2016-10707 Npm-jquery-2.1.4 CxSCA
HIGH CVE-2016-3674 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2017-7957 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2018-14718 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2018-14719 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2018-14720 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2018-14721 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2018-19360 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2018-19361 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2018-19362 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-12086 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-14379 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-14439 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-14540 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-14892 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-14893 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-16335 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-16942 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-16943 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-17267 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-17531 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2019-20330 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-10650 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-10672 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-10673 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-10968 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-10969 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-11111 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-11112 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-11113 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-11619 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-11620 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-14060 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-14061 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-14062 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-14195 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-24616 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-24750 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-25649 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-26217 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2020-26258 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2020-27216 Maven-org.eclipse.jetty:jetty-webapp-9.2.28.v20190418 CxSCA
HIGH CVE-2020-35490 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-35491 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-35728 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36179 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36180 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36181 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36182 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36183 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36184 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36185 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36186 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36187 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36188 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-36189 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-8840 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-9546 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-9547 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2020-9548 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2021-20190 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
HIGH CVE-2021-20190 Maven-com.fasterxml.jackson.core:jackson-databind-2.11.0 CxSCA
HIGH CVE-2021-21341 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21342 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21343 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21344 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21345 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21346 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21347 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21348 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21349 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21350 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-21351 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-22118 Maven-org.springframework:spring-web-5.2.13.RELEASE CxSCA
HIGH CVE-2021-23358 Npm-underscore-1.10.2 CxSCA
HIGH CVE-2021-28165 Maven-org.eclipse.jetty:jetty-io-9.2.28.v20190418 CxSCA
HIGH CVE-2021-35515 Maven-org.apache.commons:commons-compress-1.20 CxSCA
HIGH CVE-2021-35516 Maven-org.apache.commons:commons-compress-1.20 CxSCA
HIGH CVE-2021-35517 Maven-org.apache.commons:commons-compress-1.20 CxSCA
HIGH CVE-2021-36090 Maven-org.apache.commons:commons-compress-1.20 CxSCA
HIGH CVE-2021-37714 Maven-org.jsoup:jsoup-1.13.1 CxSCA
HIGH CVE-2021-39139 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39141 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39144 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39145 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39146 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39147 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39148 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39149 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39150 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39151 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39152 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39153 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH CVE-2021-39154 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
HIGH Client_DOM_Stored_XSS /webgoat-container/src/main/resources/static/js/goatApp/support/GoatUtils.js: 56 CxSAST
HIGH Client_DOM_Stored_XSS /webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js: 35 CxSAST
HIGH Client_DOM_Stored_XSS /webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js: 17 CxSAST
HIGH Client_DOM_Stored_XSS /webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js: 43 CxSAST
HIGH Client_DOM_Stored_XSS /webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js: 43 CxSAST
HIGH Client_DOM_Stored_XSS /webgoat-lessons/xxe/src/main/resources/js/xxe.js: 72 CxSAST
HIGH Client_DOM_Stored_XSS /webgoat-lessons/csrf/src/main/resources/js/csrf-review.js: 35 CxSAST
HIGH Client_DOM_Stored_XSS /webgoat-lessons/challenge/src/main/resources/js/challenge8.js: 7, 46 CxSAST
HIGH Client_DOM_XSS /webgoat-container/src/main/resources/static/js/libs/backbone-min.js: 1188 CxSAST
HIGH Cx8fd408ac-dd80 Maven-com.beust:jcommander-1.72 CxSCA
HIGH Deserialization_of_Untrusted_Data /webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java: 46 CxSAST
HIGH Deserialization_of_Untrusted_Data /webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java: 41 CxSAST
HIGH Reflected_XSS_All_Clients /webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java: 47 CxSAST
HIGH Reflected_XSS_All_Clients /webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java: 45 CxSAST
HIGH Reflected_XSS_All_Clients /webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java: 50 CxSAST
HIGH Reflected_XSS_All_Clients /webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java: 49, 69 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java: 53 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java: 51 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java: 51 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java: 54 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java: 65 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java: 56 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java: 56 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java: 67 CxSAST
HIGH SQL_Injection /webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java: 36, 42 CxSAST
HIGH SQL_Injection /webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java: 92 CxSAST
HIGH SQL_Injection /webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java: 52 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java: 48 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java: 55 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java: 52 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java: 55 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java: 48 CxSAST
HIGH SQL_Injection /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java: 56 CxSAST
HIGH Second_Order_SQL_Injection /webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java: 42 CxSAST
HIGH Stored_XSS /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java: 66, 94 CxSAST
HIGH Stored_XSS /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java: 72 CxSAST
HIGH Stored_XSS /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java: 71 CxSAST
HIGH Stored_XSS /webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingAccessControlUserRepository.java: 23 CxSAST
HIGH Stored_XSS /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java: 63 CxSAST
HIGH Stored_XSS /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java: 66 CxSAST
HIGH Stored_XSS /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java: 67 CxSAST
HIGH Stored_XSS /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java: 62 CxSAST
HIGH Stored_XSS /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java: 62 CxSAST
HIGH Stored_XSS /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java: 66 CxSAST
MEDIUM APT-GET Missing '-y' To Avoid Manual Input /webwolf/Dockerfile: 5 CxKICS
MEDIUM APT-GET Missing '-y' To Avoid Manual Input /webgoat-server/Dockerfile: 5 CxKICS
MEDIUM Absolute_Path_Traversal /webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java: 48 CxSAST
MEDIUM Absolute_Path_Traversal /.mvn/wrapper/MavenWrapperDownloader.java: 48 CxSAST
MEDIUM Apt Get Install Pin Version Not Defined /docker/Dockerfile: 5 CxKICS
MEDIUM CVE-2007-2379 Maven-org.webjars:jquery-3.5.1 CxSCA
MEDIUM CVE-2007-2379 Npm-jquery-2.1.4 CxSCA
MEDIUM CVE-2014-6071 Maven-org.webjars:jquery-3.5.1 CxSCA
MEDIUM CVE-2014-6071 Npm-jquery-2.1.4 CxSCA
MEDIUM CVE-2015-9251 Npm-jquery-2.1.4 CxSCA
MEDIUM CVE-2016-10735 Npm-bootstrap-3.1.1 CxSCA
MEDIUM CVE-2016-7103 Npm-jquery-ui-1.10.4 CxSCA
MEDIUM CVE-2018-10237 Maven-com.google.guava:guava-20.0 CxSCA
MEDIUM CVE-2018-14040 Npm-bootstrap-3.1.1 CxSCA
MEDIUM CVE-2018-14040 Maven-org.webjars:bootstrap-3.3.7 CxSCA
MEDIUM CVE-2018-14041 Npm-bootstrap-3.1.1 CxSCA
MEDIUM CVE-2018-14042 Maven-org.webjars:bootstrap-3.3.7 CxSCA
MEDIUM CVE-2018-14042 Npm-bootstrap-3.1.1 CxSCA
MEDIUM CVE-2018-20676 Npm-bootstrap-3.1.1 CxSCA
MEDIUM CVE-2018-20677 Npm-bootstrap-3.1.1 CxSCA
MEDIUM CVE-2019-11358 Npm-jquery-2.1.4 CxSCA
MEDIUM CVE-2019-12384 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
MEDIUM CVE-2019-12814 Maven-com.fasterxml.jackson.core:jackson-databind-2.9.6 CxSCA
MEDIUM CVE-2019-19935 Npm-froala-editor-1.1.7 CxSCA
MEDIUM CVE-2019-8331 Npm-bootstrap-3.1.1 CxSCA
MEDIUM CVE-2020-11022 Npm-jquery-2.1.4 CxSCA
MEDIUM CVE-2020-11023 Npm-jquery-2.1.4 CxSCA
MEDIUM CVE-2020-22864 Npm-froala-editor-1.1.7 CxSCA
MEDIUM CVE-2020-26259 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
MEDIUM CVE-2021-28169 Maven-org.eclipse.jetty:jetty-http-9.2.28.v20190418 CxSCA
MEDIUM CVE-2021-28169 Maven-org.eclipse.jetty:jetty-servlets-9.2.28.v20190418 CxSCA
MEDIUM CVE-2021-28169 Maven-org.eclipse.jetty:jetty-server-9.2.28.v20190418 CxSCA
MEDIUM CVE-2021-29425 Maven-commons-io:commons-io-2.6 CxSCA
MEDIUM CVE-2021-29425 Maven-commons-io:commons-io-2.2 CxSCA
MEDIUM CVE-2021-30109 Npm-froala-editor-1.1.7 CxSCA
MEDIUM CVE-2021-39140 Maven-com.thoughtworks.xstream:xstream-1.4.5 CxSCA
MEDIUM CVE-2021-41182 Npm-jquery-ui-1.10.4 CxSCA
MEDIUM CVE-2021-41183 Npm-jquery-ui-1.10.4 CxSCA
MEDIUM CVE-2021-41184 Npm-jquery-ui-1.10.4 CxSCA
MEDIUM CVE-2021-42550 Maven-ch.qos.logback:logback-core-1.2.7 CxSCA
MEDIUM CVE-2021-42550 Maven-ch.qos.logback:logback-classic-1.2.7 CxSCA
MEDIUM Cleartext_Submission_of_Sensitive_Information /webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java: 103 CxSAST
MEDIUM Cleartext_Submission_of_Sensitive_Information /webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/HijackSessionAssignment.java: 66 CxSAST
MEDIUM Client_Potential_XSS /webgoat-lessons/xxe/src/main/resources/js/xxe.js: 77 CxSAST
MEDIUM Client_Potential_XSS /webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js: 39 CxSAST
MEDIUM Client_Potential_XSS /webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js: 6, 7, 8, 22, 23, 24, 39, 40, 41, 68, 69, 70 CxSAST
MEDIUM Client_Potential_XSS /webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js: 105, 106, 107 CxSAST
MEDIUM Client_Potential_XSS /webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js: 9 CxSAST
MEDIUM Client_Potential_XSS /webgoat-lessons/csrf/src/main/resources/js/csrf-review.js: 39 CxSAST
MEDIUM Client_Potential_XSS /webgoat-container/src/main/resources/static/js/libs/ace.js: 21469 CxSAST
MEDIUM Cxced0c06c-935c Maven-com.fasterxml.jackson.core:jackson-databind-2.11.0 CxSCA
MEDIUM Cxced0c06c-935c Maven-com.fasterxml.jackson.core:jackson-databind-2.13.0 CxSCA
MEDIUM Cxf0b588a3-5c6f Npm-jquery-2.1.4 CxSCA
MEDIUM HttpOnlyCookies /webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/HijackSessionAssignment.java: 86 CxSAST
MEDIUM HttpOnlyCookies /webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java: 105, 110 CxSAST
MEDIUM HttpOnlyCookies /webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java: 79, 93 CxSAST
MEDIUM JWT_Sensitive_Information_Exposure /webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java: 70 CxSAST
MEDIUM JWT_Sensitive_Information_Exposure /webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java: 62 CxSAST
MEDIUM Parameter_Tampering /webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java: 92 CxSAST
MEDIUM Parameter_Tampering /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java: 52 CxSAST
MEDIUM Privacy_Violation /webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java: 81 CxSAST
MEDIUM Privacy_Violation /webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java: 43 CxSAST
MEDIUM Privacy_Violation /webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java: 41, 61 CxSAST
MEDIUM Privacy_Violation /webgoat-lessons/hijack-session/src/main/java/org/owasp/webgoat/hijacksession/HijackSessionAssignment.java: 66 CxSAST
MEDIUM RUN Instruction Using 'cd' Instead of WORKDIR /webgoat-server/Dockerfile: 10 CxKICS
MEDIUM SSRF /webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java: 46 CxSAST
MEDIUM Session_Fixation /webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java: 67 CxSAST
MEDIUM Unchecked_Input_for_Loop_Condition /webgoat-lessons/path-traversal/src/main/java/org/owasp/webgoat/path_traversal/ProfileZipSlip.java: 36 CxSAST
MEDIUM Unsafe_Object_Binding /webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java: 58 CxSAST
MEDIUM Unsafe_Object_Binding /webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxController.java: 64 CxSAST
MEDIUM Unsafe_Object_Binding

More results are available on the AST platform.
