connect2id / OAuth 2.0 SDK with OpenID Connect extensions / issues / #395 - Fix CWE-404 — Bitbucket

Issue #395 resolved

XXX XXX created an issue 2022-07-12

You seem to be vulnerable to https://cwe.mitre.org/data/definitions/404.html

InputStream is = getClass().getClassLoader().getResourceAsStream("iso3166_1alpha3-codes.properties");
try {
    CODES_RESOURCE.load(is);
} catch (IOException e) {
    return null;
}

‌

Comments (2)

Yavor Vasilev
- changed status to open
Thanks for the tip!
- 2022-07-13T16:37:27+00:00
Yavor Vasilev
- changed status to resolved
Fixed in 772ed860. Fix to be released in 9.28.1.
- 2022-07-13T16:49:55+00:00
Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: resolved

Milestone: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!