API-Security
API7:2023 Security Misconfiguration - Misleading example
Scenario #1 - This category shows a JNDI injection issue. I don't believe a JNDI injection is a good example of a "security misconfiguration" issue. Sure, sometimes there might be an unnecessary JNDI feature within some specific functionality, and it's really better to turn it off. However, in many other cases, the JNDI functionality is required and cannot simply be removed. In this case, the best mitigation should follow the line of "Input Sanitization", usage of "Parameterized Queries", and so on. This is a much better example for injection use cases (which are partially described in API10:2023 - Unsafe Consumption of APIs).
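As an added illustration of the point made in the issue (this is not code from the OWASP project or from the issue author), the following Java snippet shows the shape a JNDI injection takes when the lookup name is taken from the request, next to the input-validation style fix the issue is arguing for. The resource keys, the `java:comp/env/...` names and the method names are hypothetical; the point is that the client never chooses the JNDI name, and where a fixed mapping is impossible, the name is checked against a trusted prefix before `lookup` is called.

```java
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import java.util.Map;

public class JndiLookupExample {

    // Vulnerable pattern: the JNDI name is whatever the client sent.
    // A value such as "ldap://attacker.example/x" makes the server open an
    // outbound LDAP/RMI connection it never intended to make.
    static Object vulnerableLookup(String nameFromRequest) throws NamingException {
        Context ctx = new InitialContext();
        return ctx.lookup(nameFromRequest);
    }

    // Hardened pattern 1: the client sends a short logical key; the server maps it
    // to a fixed, server-controlled JNDI name. Unknown keys are rejected.
    // (hypothetical resource names chosen for this example)
    private static final Map<String, String> ALLOWED_RESOURCES = Map.of(
        "orders", "java:comp/env/jdbc/OrdersDS",
        "mail",   "java:comp/env/mail/Session"
    );

    static String resolveResourceKey(String resourceKey) {
        String jndiName = ALLOWED_RESOURCES.get(resourceKey);
        if (jndiName == null) {
            throw new IllegalArgumentException("unknown resource key: " + resourceKey);
        }
        return jndiName;
    }

    static Object hardenedLookup(String resourceKey) throws NamingException {
        Context ctx = new InitialContext();
        return ctx.lookup(resolveResourceKey(resourceKey));
    }

    // Hardened pattern 2: when names are genuinely dynamic, validate them instead
    // of trusting them. Require the container-local prefix, forbid any further
    // scheme separator (blocks ldap:, rmi:, dns:, iiop: ...), and forbid
    // traversal or empty path components.
    private static final String TRUSTED_PREFIX = "java:comp/env/";

    static String validateJndiName(String name) {
        if (name == null || !name.startsWith(TRUSTED_PREFIX)) {
            throw new IllegalArgumentException("JNDI name must be under " + TRUSTED_PREFIX);
        }
        String rest = name.substring(TRUSTED_PREFIX.length());
        if (rest.isEmpty() || rest.indexOf(':') >= 0) {
            throw new IllegalArgumentException("JNDI name must not carry a second scheme");
        }
        for (String part : rest.split("/", -1)) {
            if (part.isEmpty() || part.equals(".") || part.equals("..")
                    || !part.matches("[A-Za-z0-9_.-]+")) {
                throw new IllegalArgumentException("illegal JNDI path component: " + part);
            }
        }
        return name;
    }

    static Object validatedLookup(String nameFromRequest) throws NamingException {
        Context ctx = new InitialContext();
        return ctx.lookup(validateJndiName(nameFromRequest));
    }

    public static void main(String[] args) {
        // Pure checks that run without a JNDI provider being configured.
        System.out.println(resolveResourceKey("orders"));                // java:comp/env/jdbc/OrdersDS
        System.out.println(validateJndiName("java:comp/env/jdbc/Other")); // accepted
        for (String bad : new String[] {
                "ldap://attacker.example/x",
                "java:comp/env/ldap://attacker.example/x",
                "java:comp/env/../jdbc/OrdersDS",
                "rmi://attacker.example/obj" }) {
            try {
                validateJndiName(bad);
                System.out.println("UNEXPECTEDLY ACCEPTED: " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + bad + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The mapping approach is preferable wherever the set of resources is known, because it removes the attacker's influence over the name entirely; the validator is the fallback for truly dynamic cases, and it has to be as strict as shown, since a single colon past the trusted prefix is enough to reintroduce a remote scheme.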