You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
XML/JsonProvider convert any incoming message/request body into java structures. By knowing the execution environment, an attacker could try to design input structures in order to target the evaluation logic behind.
How it should be
XML/JsonProvider should validate incoming message/request bodies according to a set of allowed schemas. this restricts the opportunities to design arbitrary input structures.
The text was updated successfully, but these errors were encountered:
Description / As-Is
XML/JsonProvider convert any incoming message/request body into java structures. By knowing the execution environment, an attacker could try to design input structures in order to target the evaluation logic behind.
How it should be
XML/JsonProvider should validate incoming message/request bodies according to a set of allowed schemas. this restricts the opportunities to design arbitrary input structures.
The text was updated successfully, but these errors were encountered: