Erlend Oftedal
The following triggers "XML parsing is vulnerable to XXE":

```java
public Document parse(String input) throws Exception {
    DocumentBuilderFactory dbf = documentBuilderFactory();
    return dbf.newDocumentBuilder().parse(input);
}

private DocumentBuilderFactory documentBuilderFactory() throws ParserConfigurationException {...
```

Steps to reproduce:

1. Download http://petstore.swagger.io/v2/swagger.json
2. Open swagger.json in Swagger Parser
3. Find the POST /pet endpoint and click "send to repeater"

```
POST /v2/pet HTTP/1.1
Host: petstore.swagger.io
Accept:...
```

```
added 104 packages from 224 contributors, removed 129 packages, updated 398 packages and audited 891680 packages in 81.255s
found 16330 vulnerabilities (3 moderate, 16326 high, 1 critical)
run `npm...
```

https://dominator.mindedsecurity.com/sharedto/ComparingDOMXSSToolOnRealWorldBug.pdf "TPJS does not have any fuzzing functionality. Even by introducing the tool to the correct test case, TPJS was not able to find the issue because it lost the...
Example: Salah scored 105 points, Fernandes 102 and Kane 98 in your league this GW
Example: Salah has scored 302 points across the teams in this league so far.
 Snyk has created this PR to upgrade org.springframework:spring-core from 4.0.0.RELEASE to 4.3.30.RELEASE. :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly...
 Snyk has created this PR to upgrade multiple dependencies. 👯 The following dependencies are linked and will therefore be updated together. :information_source: Keep your dependencies up-to-date. This makes it...