Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Property
Language: ruby
Severity: high
CWE: CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP: A05:2017 - Broken Access Control
Confidence Level: Medium
Impact Level: High
Likelihood Level: Medium

Description

User-controlled request parameters are being passed directly to the render method in Rails, allowing users to specify which files are rendered. This can let attackers request and display unintended files from the server.

Impact

If exploited, attackers could access sensitive files on the server, such as configuration files or source code, potentially exposing secrets, credentials, or other confidential information. This can lead to data breaches or compromise of the entire application.

Improper Neutralization of CRLF Sequences (‘CRLF Injection’)

Property
Language: java
Severity: medium
CWE: CWE-93: Improper Neutralization of CRLF Sequences (‘CRLF Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

User input from HTTP requests is being written directly to application logs without sanitization. This allows attackers to inject special characters (like CR and LF) that can manipulate log entries.

Impact

An attacker could forge or alter log records, making it harder to audit activity or detect malicious behavior. This can hide attacks, mislead operators, or enable further exploits by injecting malicious content into logs.

Improper Neutralization of CRLF Sequences (‘CRLF Injection’)

Property
Language: python
Severity: medium
CWE: CWE-93: Improper Neutralization of CRLF Sequences (‘CRLF Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

User input from HTTP requests is being written directly to a file without proper validation or sanitization. This allows attackers to inject malicious data into files, potentially corrupting logs or other sensitive resources.

Impact

An attacker could exploit this to manipulate log files, trigger unwanted log rotations, or fill up disk space, leading to denial-of-service or hiding malicious activities. This can disrupt application operations and compromise the integrity of file-based records.

Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’)

Property
Language: generic
Severity: medium
CWE: CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’)
OWASP: A03:2021 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Low

Description

User input from a path parameter is being directly added as an HTTP response header without proper validation. This allows attackers to inject special characters, potentially creating new headers or altering the response.

Impact

If exploited, attackers can perform HTTP response splitting, leading to security issues like cache poisoning, cross-site scripting, or session hijacking. This can compromise user data, allow phishing, or disrupt normal application behavior.

Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’)

Property
Language: java
Severity: medium
CWE: CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’)
OWASP: A03:2021 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

User input is being added directly to HTTP cookies without proper validation or encoding. This allows attackers to inject special characters that could manipulate HTTP responses.

Impact

If exploited, an attacker could split or modify HTTP responses, potentially injecting malicious headers or content. This can lead to session hijacking, web cache poisoning, or cross-site scripting attacks, affecting user trust and application security.

Improper Neutralization of Data within XPath Expressions (‘XPath Injection’)

Property
Language: csharp
Severity: medium
CWE: CWE-643: Improper Neutralization of Data within XPath Expressions (‘XPath Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: Medium

Description

The code builds XPath queries using user input without proper validation or sanitization. This allows attackers to inject malicious data into the query, potentially altering its logic or accessing unauthorized XML data.

Impact

If exploited, an attacker could bypass authentication, extract sensitive information, or manipulate XML data by injecting crafted input. This can lead to data breaches, unauthorized access, or compromise of application integrity.

Improper Neutralization of Data within XPath Expressions (‘XPath Injection’)

Property
Language: java
Severity: high
CWE: CWE-643: Improper Neutralization of Data within XPath Expressions (‘XPath Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Medium
Impact Level: Medium
Likelihood Level: High

Description

User input from HTTP requests is being used directly in XPath queries without proper sanitization. This allows attackers to inject malicious XPath expressions, potentially manipulating or accessing XML data in unintended ways.

Impact

If exploited, attackers can bypass authentication checks, retrieve sensitive information, or modify XML-based data by injecting crafted input. This can lead to unauthorized data exposure, data manipulation, and compromise of application integrity.

Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)

Property
Language: generic
Severity: low
CWE: CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Using spring:eval with dynamic expressions can allow untrusted data to be executed as code. If user input is not properly filtered, attackers might inject malicious expressions into your JSP pages.

Impact

If exploited, an attacker could execute arbitrary code on the server, compromise sensitive data, or alter application behavior. This can lead to data breaches, unauthorized access, or complete system compromise.

Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)

Property
Language: java
Severity: low
CWE: CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
OWASP: A03:2021 - Injection
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

Using dynamic values in Seam Logging API messages can allow untrusted input to be evaluated as code. If user-supplied data is inserted directly into log messages, it may lead to unintended code execution.

Impact

An attacker could inject malicious expressions into log messages, potentially executing arbitrary code on the server. This can lead to full system compromise, data breaches, or unauthorized actions within the application.