OdataToEntity icon indicating copy to clipboard operation
OdataToEntity copied to clipboard

Published 20 hours ago verified publisher icon voronov-maxim

Potential CWE-113 vulnerability in OdataToEntity.AspNetCore

Open dshalkhakov opened this issue 5 years ago • 1 comments

So I've run a SAST scan with a certain tool against OdataToEntity source code and it uncovered the following issue: CWE-113 in OdataToEntity.AspNetCore MoveNext() method.

It probably originates in some foreach but I couldn't pinpoint the exact location. It can probably can also be fixed by a filter/middleware that would clean the inputs.

Thoughts?

Cheers, Dmitry

dshalkhakov avatar May 20 '20 11:05 dshalkhakov

I need more information, I cannot find foreach where http headers are read.

voronov-maxim avatar May 20 '20 22:05 voronov-maxim