Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
http4s is an open source scala interface for HTTP. Header values (`Header.value`), Status reason phrases (`Status.reason`), URI paths (`Uri.Path`), URI authority registered names (`URI.RegName`).
OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id
74
name
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
2
cwe_id
937
name
OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description
Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id
918
name
Server-Side Request Forgery (SSRF)
description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4
cwe_id
78
name
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.