Veracode scan XSS security vulnerability #427
Comments
|
Can you please expand on what the issue is and where in the code you found it? |
|
I have a SpringBoot application using spring-cloud-starter-zuul version 1.4.4.RELEASE that works as a Router / Gateway, and when I Veracode security scan it, a Medium security flaw (XSS) is flagged. Cross-Site Scripting (CWE ID 80) |
|
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am running into a Veracode scan XSS (CWE ID 80) security vulnerability. Although flagged a Medium, this is a significant finding with zuul-core v1.3.0. Has anyone else reported this issue, and is there a target version of zuul-core that may address it?
Flaw Id Module # Class # Module Location Fix By
4 2 - ecc-zuul-server-
1.0.0.jar/zuul-core-
1.3.0.jar
.../HttpServletRequestWrapper.java 228 3/1/18
The text was updated successfully, but these errors were encountered: