Q
Detector Library
Scala detectors (28/28)
Improper Neutralization of Special Elements in Data QueryAvoid Persistent CookiesImproper AuthenticationArgument InjectionInsecure host name verifierInsecure CryptographyTemplate InjectionUntrusted data in http sessionInsecure servlet handlingInsecure connection using unencrypted protocolDeserialization of Untrusted DataInsecure servlet handlingUse of Insufficiently Random ValuesInsecure cookieUse Of RSA AlgorithmPath TraversalURL redirection to untrusted siteImproper Validation Of Array IndexInsufficient Protected CredentialsInsecure jax endpoint usageXML External EntityInsecure CORS policyExternal Access to Files or DirectoriesIncorrect Certificate Hostname VerificationImproper privilege managementCross-site scriptingImproper Certificate ValidationDisabled HTML autoescape
Scala detectors
Showing all detectors for the Scala language.
Browse all detectors
Improper Neutralization of Special Elements in Data Query
The application constructs a query with inadequate neutralization of special elements, risking query logic manipulation.
Avoid Persistent Cookies
Persistent cookies are vulnerable to attacks.
Improper Authentication
Security issue where software mishandles XML data from unreliable sources.
Argument Injection
Improper Neutralization of Argument Delimiters in a Command .
Insecure host name verifier
The software does not validate or improperly validate host name.
Insecure Cryptography
Use of insecure cryptography
Template Injection
User input is directly used in rendering or evaluating templates without proper validation or sanitization.
Untrusted data in http session
User input in
setAttribute could lead to trust boundary violation.Insecure servlet handling
Insecure LDAP configuration detected.
Insecure connection using unencrypted protocol
Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.
Deserialization of Untrusted Data
Deserializing of data from untrusted sources.
Insecure servlet handling
The Servlet can read GET and POST parameters from various methods. The value obtained should be considered unsafe.
Use of Insufficiently Random Values
The product relies on random numbers or values that aren't random enough for security purposes, especially in situations where unpredictability is crucial.
Insecure cookie
Insecure cookies can lead to unencrypted transmission of sensitive data.
Use Of RSA Algorithm
RSA algorithm does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
Path Traversal
Improper input validation, sanitization, and access controls are can lead to path traversal vulnerabilities.
URL redirection to untrusted site
User-controlled input that specifies a link to an external site could lead to phishing attacks and allow user credentials to be stolen.
Improper Validation Of Array Index
Array Index Validation Failure enables attackers to execute code or cause a denial of service by manipulating array index values.
Insufficient Protected Credentials
The credentials provided are not adequately protected against security threats.
Insecure jax endpoint usage
Insecure usage of web service methods can enable attacks and lead to unwanted behavior.
XML External Entity
Objects that parse or handle XML can lead to XML External Entity (XXE) attacks when misconfigured.
Insecure CORS policy
Cross-origin resource sharing policies that are too permissive could lead to security vulnerabilities.
External Access to Files or Directories
External parties gain unauthorized access to files or directories via the product.
Incorrect Certificate Hostname Verification
Improper Validation of Certificate with Host Mismatch.
Improper privilege management
Granting unsafe permissions can lead to security vulnerabilities.
Cross-site scripting
Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.
Improper Certificate Validation
Improper certificate validation might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
Disabled HTML autoescape
Disabling the HTML autoescape mechanism exposes your web applications to attacks.