mirror of
https://github.com/github/codeql.git
synced 2025-12-17 17:23:36 +01:00
6 lines
334 B
Markdown
6 lines
334 B
Markdown
lgtm,codescanning
|
|
* A new query "Insecure Bean Validation" (`java/insecure-bean-validation`) has been added. This query
|
|
finds server-side template injections caused by untrusted data flowing from a bean
|
|
property into a custom error message for a constraint validator. This
|
|
vulnerability can lead to arbitrary code execution.
|