Q
Detector Library
Scala detectors (28/28)
Improper Neutralization of Special Elements in Data QueryAvoid Persistent CookiesImproper AuthenticationArgument InjectionInsecure host name verifierInsecure CryptographyTemplate InjectionUntrusted data in http sessionInsecure servlet handlingInsecure connection using unencrypted protocolDeserialization of Untrusted DataInsecure servlet handlingUse of Insufficiently Random ValuesInsecure cookieUse Of RSA AlgorithmPath TraversalURL redirection to untrusted siteImproper Validation Of Array IndexInsufficient Protected CredentialsInsecure jax endpoint usageXML External EntityInsecure CORS policyExternal Access to Files or DirectoriesIncorrect Certificate Hostname VerificationImproper privilege managementCross-site scriptingImproper Certificate ValidationDisabled HTML autoescape
High
Showing all detectors for the Scala language with high severity.
Improper Neutralization of Special Elements in Data Query
The application constructs a query with inadequate neutralization of special elements, risking query logic manipulation.
Avoid Persistent Cookies
Persistent cookies are vulnerable to attacks.
Improper Authentication
Security issue where software mishandles XML data from unreliable sources.
Argument Injection
Improper Neutralization of Argument Delimiters in a Command .
Insecure host name verifier
The software does not validate or improperly validate host name.
Template Injection
User input is directly used in rendering or evaluating templates without proper validation or sanitization.
Untrusted data in http session
User input in
setAttribute could lead to trust boundary violation.Insecure servlet handling
Insecure LDAP configuration detected.
Insecure connection using unencrypted protocol
Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.
Deserialization of Untrusted Data
Deserializing of data from untrusted sources.
Insecure servlet handling
The Servlet can read GET and POST parameters from various methods. The value obtained should be considered unsafe.
Use of Insufficiently Random Values
The product relies on random numbers or values that aren't random enough for security purposes, especially in situations where unpredictability is crucial.
Insecure cookie
Insecure cookies can lead to unencrypted transmission of sensitive data.
Path Traversal
Improper input validation, sanitization, and access controls are can lead to path traversal vulnerabilities.
URL redirection to untrusted site
User-controlled input that specifies a link to an external site could lead to phishing attacks and allow user credentials to be stolen.
Insufficient Protected Credentials
The credentials provided are not adequately protected against security threats.
Insecure jax endpoint usage
Insecure usage of web service methods can enable attacks and lead to unwanted behavior.
XML External Entity
Objects that parse or handle XML can lead to XML External Entity (XXE) attacks when misconfigured.
Insecure CORS policy
Cross-origin resource sharing policies that are too permissive could lead to security vulnerabilities.
External Access to Files or Directories
External parties gain unauthorized access to files or directories via the product.
Incorrect Certificate Hostname Verification
Improper Validation of Certificate with Host Mismatch.
Improper privilege management
Granting unsafe permissions can lead to security vulnerabilities.
Cross-site scripting
Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.
Improper Certificate Validation
Improper certificate validation might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client.
Disabled HTML autoescape
Disabling the HTML autoescape mechanism exposes your web applications to attacks.