semgrep-code-dotcms-test[bot]

Results: 16 comments of semgrep-code-dotcms-test[bot]

Semgrep found **11** [`CUSTOM_INJECTION-2`](https://semgrep.dev/playground/r/ZRTldRY/gitlab.find_sec_bugs.CUSTOM_INJECTION-2?utm_campaign=finding_notification&utm_medium=review_comment&utm_source=github&utm_content=rule) findings:

* dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostFactoryImpl.java
  * [L780-783](https://github.com/dotCMS/core/blob/2fd2c97aaaba1d98438dea2f6ec94f2aa0a310fb/dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostFactoryImpl.java#L780-783) - [Triage](https://semgrep.dev/orgs/dotCMS1/findings/98117817)
  * [L780-782](https://github.com/dotCMS/core/blob/2fd2c97aaaba1d98438dea2f6ec94f2aa0a310fb/dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostFactoryImpl.java#L780-782) - [Triage](https://semgrep.dev/orgs/dotCMS1/findings/98117818)
  * [L780-781](https://github.com/dotCMS/core/blob/2fd2c97aaaba1d98438dea2f6ec94f2aa0a310fb/dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostFactoryImpl.java#L780-781) - [Triage](https://semgrep.dev/orgs/dotCMS1/findings/98117819)
  * [L786-789](https://github.com/dotCMS/core/blob/2fd2c97aaaba1d98438dea2f6ec94f2aa0a310fb/dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostFactoryImpl.java#L786-789) - [Triage](https://semgrep.dev/orgs/dotCMS1/findings/98117814)
  * [L786-788](https://github.com/dotCMS/core/blob/2fd2c97aaaba1d98438dea2f6ec94f2aa0a310fb/dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostFactoryImpl.java#L786-788) - [Triage](https://semgrep.dev/orgs/dotCMS1/findings/98117815)
  * [L786-787](https://github.com/dotCMS/core/blob/2fd2c97aaaba1d98438dea2f6ec94f2aa0a310fb/dotCMS/src/main/java/com/dotmarketing/portlets/contentlet/business/HostFactoryImpl.java#L786-787) -...

Semgrep found **1** `ssc-2427bad3-7619-448f-8f95-70806990606e` finding:

* core-web/package-lock.json
  * [L28647](https://github.com/dotCMS/core/blob/27912cd66c673acbf21128cf71e7c2d571ded5c6/core-web/package-lock.json#L28647) - Triage

**Risk**: Affected versions of @angular/compiler are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). A...

#### Legal Risk The following dependencies were released under a license that has been flagged by your organization for consideration. #### Recommendation While merging is not directly blocked, it's best...

Semgrep found **23** `ssc-1401e86e-5347-4e09-9335-667e8dfa5deb` findings:

* core-web/libs/ui/src/lib/components/dot-sidebar-accordion/components/dot-sidebar-accordion-tab/dot-sidebar-accordion-tab.component.ts
  * [L28-47](https://github.com/dotCMS/core/blob/ef2be49b7e9f502ec0300f5489e24103d4778bb7/core-web/libs/ui/src/lib/components/dot-sidebar-accordion/components/dot-sidebar-accordion-tab/dot-sidebar-accordion-tab.component.ts#L28-47) - Triage
* core-web/libs/sdk/angular/src/lib/components/dotcms-block-editor-renderer/blocks/table.component.ts
  * [L7-46](https://github.com/dotCMS/core/blob/ef2be49b7e9f502ec0300f5489e24103d4778bb7/core-web/libs/sdk/angular/src/lib/components/dotcms-block-editor-renderer/blocks/table.component.ts#L7-46) - Triage
* core-web/libs/sdk/angular/src/lib/components/dotcms-block-editor-renderer/blocks/dot-contentlet.component.ts
  * [L47-61](https://github.com/dotCMS/core/blob/ef2be49b7e9f502ec0300f5489e24103d4778bb7/core-web/libs/sdk/angular/src/lib/components/dotcms-block-editor-renderer/blocks/dot-contentlet.component.ts#L47-61) - Triage
* core-web/libs/edit-content/src/lib/fields/dot-edit-content-category-field/components/dot-category-field-list-skeleton/dot-category-field-list-skeleton.component.ts
  * [L5-28](https://github.com/dotCMS/core/blob/ef2be49b7e9f502ec0300f5489e24103d4778bb7/core-web/libs/edit-content/src/lib/fields/dot-edit-content-category-field/components/dot-category-field-list-skeleton/dot-category-field-list-skeleton.component.ts#L5-28) - Triage
* ...

Semgrep found **322** `ssc-1401e86e-5347-4e09-9335-667e8dfa5deb` findings:

* core-web/libs/ui/src/lib/modules/dot-dialog/dot-dialog.component.ts
  * [L23-28](https://github.com/dotCMS/core/blob/b83772aaaf3a5b9bb4060da6e5c4c5fbf76daae3/core-web/libs/ui/src/lib/modules/dot-dialog/dot-dialog.component.ts#L23-28) - Triage
* core-web/libs/ui/src/lib/dot-spinner/dot-spinner.component.ts
  * [L4-9](https://github.com/dotCMS/core/blob/b83772aaaf3a5b9bb4060da6e5c4c5fbf76daae3/core-web/libs/ui/src/lib/dot-spinner/dot-spinner.component.ts#L4-9) - Triage
* core-web/libs/ui/src/lib/dot-icon/dot-icon.component.ts
  * [L10-14](https://github.com/dotCMS/core/blob/b83772aaaf3a5b9bb4060da6e5c4c5fbf76daae3/core-web/libs/ui/src/lib/dot-icon/dot-icon.component.ts#L10-14) - Triage
* core-web/libs/ui/src/lib/dot-container-options/dot-container-options.directive.spec.ts
  * [L18-24](https://github.com/dotCMS/core/blob/b83772aaaf3a5b9bb4060da6e5c4c5fbf76daae3/core-web/libs/ui/src/lib/dot-container-options/dot-container-options.directive.spec.ts#L18-24) - Triage
* ...

Semgrep found **1** `spring-tainted-path-traversal` finding:

* dotCMS/src/main/java/com/dotcms/rest/ContentResource.java
  * [L1561](https://github.com/dotCMS/core/blob/6947d76291bbc4057625c367785fc2abf4945a79/dotCMS/src/main/java/com/dotcms/rest/ContentResource.java#L1561) - Triage

The application builds a file path from potentially untrusted data, which can lead to a path traversal vulnerability. An...
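The `spring-tainted-path-traversal` finding above is the pattern where a request-controlled string is joined onto a base directory before a file is opened. The block below is an added illustration of that vulnerability class and its usual hardening, not code from dotCMS or from the flagged `ContentResource.java`: the base directory `/var/app/uploads`, the method names `resolveUnsafe`/`resolveSafe` and the sample inputs are all constructed for the example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

/**
 * Added illustration of tainted path traversal and its mitigation.
 * Hypothetical code: BASE, the method names and the inputs in main()
 * are constructed for this example and are not dotCMS code.
 */
public class PathTraversalExample {

    // Hypothetical base directory under which files are allowed to be served.
    static final Path BASE = Paths.get("/var/app/uploads").toAbsolutePath().normalize();

    /**
     * Vulnerable pattern: the request-controlled name is concatenated into the
     * path with no check, so "../../etc/passwd" walks out of BASE.
     */
    static Path resolveUnsafe(String requestedName) {
        return Paths.get(BASE.toString() + "/" + requestedName);
    }

    /**
     * Hardened pattern: reject absolute input, resolve against BASE, collapse
     * ".." segments with normalize(), then verify the result still lies under
     * BASE. Returns null for anything that would escape the base directory.
     */
    static Path resolveSafe(String requestedName) {
        if (requestedName == null || requestedName.isEmpty()) {
            return null;
        }
        Path candidate = Paths.get(requestedName);
        if (candidate.isAbsolute()) {
            return null; // an absolute path ignores BASE entirely
        }
        Path resolved = BASE.resolve(candidate).normalize();
        // startsWith compares whole path components, so a sibling such as
        // "/var/app/uploads2" is not accepted; BASE itself is rejected too.
        if (!resolved.startsWith(BASE) || resolved.equals(BASE)) {
            return null;
        }
        return resolved;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the first is benign, the rest are traversal attempts.
        List<String> samples = List.of(
                "report.txt",
                "../../etc/passwd",
                "sub/../../../etc/shadow",
                "/etc/passwd",
                "..");
        for (String s : samples) {
            System.out.printf("%-26s unsafe=%-30s safe=%s%n",
                    s, resolveUnsafe(s).normalize(), resolveSafe(s));
        }
    }
}
```

For the constructed inputs, `resolveUnsafe` happily yields `/var/etc/passwd`, `/var/etc/shadow` and `/var/app`, while `resolveSafe` returns a path only for `report.txt`. Two caveats a reviewer would want noted: `normalize()` is purely lexical, so if BASE can contain symlinks the containment check should be repeated on `toRealPath()` once the file is known to exist, and the check belongs at the point where the path is actually opened, which is what a taint rule like this one is looking for.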