Update java/change-notes/2020-10-27-insecure-bean-validation.md

Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
Alvaro Muñoz
2020-10-27 21:10:46 +01:00
committed by GitHub
parent 1fdf0556d2
commit a9ea63b976


@@ -1,6 +1,5 @@
lgtm,codescanning
* New query "Insecure Bean Validation" (java/insecure-bean-validation) added. This query
finds Server-Side Template Injections caused by untrusted data flowing from a Bean
property being validated into a custom constraint violation error message. This
vulnerability leads to arbitrary code execution.
* A new query "Insecure Bean Validation" (`java/insecure-bean-validation`) has been added. This query
finds server-side template injections caused by untrusted data flowing from a bean
property into a custom error message for a constraint validator. This
vulnerability can lead to arbitrary code execution.
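
Review bot: The rewritten bullet drops "being validated" from the old wording, so "untrusted data flowing from a bean property into a custom error message" no longer says that the source is the property under validation; consider "from a bean property being validated into a custom error message for a constraint validator". The new lines are also wrapped unevenly (the first line runs well past the others and "This" is left dangling at the end of the third), so rewrapping the paragraph would keep the note consistent with the file's existing line length.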