
JSON Injection

Open QiAnXinCodeSafe opened this issue 4 years ago • 0 comments

https://github.com/didi/sds/blob/0ac9dbe98b6e019bede3517dc333cf2a9e3c4013/sds-admin/src/main/java/com/didiglobal/sds/admin/controller/HeartbeatController.java#L43

https://github.com/didi/sds/blob/0ac9dbe98b6e019bede3517dc333cf2a9e3c4013/sds-admin/src/main/java/com/didiglobal/sds/admin/controller/HeartbeatController.java#L63

The method writes unvalidated input into JSON. This call could allow an attacker to inject arbitrary elements or attributes into the JSON entity.

QiAnXinCodeSafe, May 07 '20 08:05
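The finding above, illustrated with an added example that is not code from the sds project or from the issue author: JSON built by string concatenation next to the same document built with a serializer, plus a parser-side check that rejects repeated keys. It is written in Python rather than the project's Java so the standard-library JSON parser can show the effect; the field names (`status`, `appName`, `ip`) and the input value are assumptions, since the issue does not show the controller's fields.

```python
import json

# Hypothetical field names: the issue does not show what the controller writes.

def build_unsafe(app_name: str, ip: str) -> str:
    """Vulnerable pattern: request values concatenated straight into JSON text."""
    return '{"status":"ok","appName":"' + app_name + '","ip":"' + ip + '"}'


def build_safe(app_name: str, ip: str) -> str:
    """Hardened pattern: a serializer escapes quotes, backslashes and controls."""
    return json.dumps({"status": "ok", "appName": app_name, "ip": ip})


def reject_duplicates(pairs):
    """object_pairs_hook that refuses a JSON object with repeated keys."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate JSON key: {key!r}")
        seen[key] = value
    return seen


def strict_loads(text: str) -> dict:
    """Parse JSON, failing closed on the duplicate keys injection tends to leave."""
    return json.loads(text, object_pairs_hook=reject_duplicates)


# Constructed input: the value ends its own string and supplies a second "status".
CRAFTED = 'demo","status":"error'

if __name__ == "__main__":
    unsafe = build_unsafe(CRAFTED, "10.0.0.1")
    safe = build_safe(CRAFTED, "10.0.0.1")
    print("unsafe text :", unsafe)
    print("parsed as   :", json.loads(unsafe))   # last "status" wins
    print("safe text   :", safe)
    print("parsed as   :", strict_loads(safe))   # input stays inside appName
    try:
        strict_loads(unsafe)
    except ValueError as exc:
        print("strict parse:", exc)
```
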