You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you cannot see the Security tab, let me know and I can send you whatever info you want.
Here are the counts of what was found:
1 Arbitrary file write during archive extraction ("Zip Slip")
8 Building a command line with string concatenation
1 Client-side URL redirect
2 Client-side cross-site scripting
3 DOM text reinterpreted as HTML
4 Failure to use HTTPS or SFTP URL in Maven artifact upload/download
17 Implicit narrowing conversion in compound assignment
1 Incomplete URL scheme check
2 Incomplete URL substring sanitization
9 Incomplete multi-character sanitization
21 Incomplete string escaping or encoding
2 Inefficient regular expression
2 Prototype pollution in utility function
3 Query built without neutralizing special characters
7 Resolving XML external entity in user-controlled data
18 Result of multiplication cast to wider type
1 Uncontrolled data used in path expression
4 Unsafe expansion of self-closing HTML tag
1 Unsafe jQuery plugin
11 Useless regular-expression character escape
The text was updated successfully, but these errors were encountered:
I have been looking at github's code scanning. It has found some things in the wonder code that might be a problem.
I know. I was shocked also. :--)
Anyway, if anyone is interested, they are viewable as under the Security tab in my fork. See https://github.com/rkiddy/wonder
If you cannot see the Security tab, let me know and I can send you whatever info you want.
Here are the counts of what was found:
1 Arbitrary file write during archive extraction ("Zip Slip")
8 Building a command line with string concatenation
1 Client-side URL redirect
2 Client-side cross-site scripting
3 DOM text reinterpreted as HTML
4 Failure to use HTTPS or SFTP URL in Maven artifact upload/download
17 Implicit narrowing conversion in compound assignment
1 Incomplete URL scheme check
2 Incomplete URL substring sanitization
9 Incomplete multi-character sanitization
21 Incomplete string escaping or encoding
2 Inefficient regular expression
2 Prototype pollution in utility function
3 Query built without neutralizing special characters
7 Resolving XML external entity in user-controlled data
18 Result of multiplication cast to wider type
1 Uncontrolled data used in path expression
4 Unsafe expansion of self-closing HTML tag
1 Unsafe jQuery plugin
11 Useless regular-expression character escape
The text was updated successfully, but these errors were encountered: