Code Security Finding: HTTP Header Injection (CWE-113, Low Severity) in NullByteInjectionServlet.java:57

[joshn-whitesource-app]

Code Security Finding

This finding was first detected on 2024-02-16 01:29pm GMT and is still present in the last scan performed on 2024-02-16 01:58pm GMT:

Severity	Vulnerability Type	CWE	File	Data Flows
Low	HTTP Header Injection	CWE-113	NullByteInjectionServlet.java:57	1
Vulnerable Code easybuggy4/src/main/java/org/t246osslab/easybuggy/vulnerabilities/NullByteInjectionServlet.java Lines 52 to 57 in f83166e ServletContext ctx = getServletContext(); fis = new FileInputStream(file); String mimeType = ctx.getMimeType(file.getAbsolutePath()); res.setContentType(mimeType != null ? mimeType : "application/octet-stream"); res.setContentLength((int) file.length()); res.setHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\""); 1 Data Flow/s detected Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior HTTP Header Injection Training ● Videos    ▪ Secure Code Warrior HTTP Header Injection Video 🏴 Suppress Finding ... as False Alarm ... as Acceptable Risk