Location in Source Code:-
/com/netflix/zuul/groovy/GroovyCompatability.groovy (Line 17)
Issue Description and Impact:-
It was observed that the software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
An attacker could insert malicious functionality into the program by causing the program to download code that the attacker has placed into the untrusted control sphere, such as a malicious web site.
Recommendation:-
It is recommended to use a vetted library or framework that does not allow this weakness to occur or that provides constructs that make this weakness easier to avoid. Also, a section should be added to web.config, and it will append that header to each request.
For example:
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="DENY" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>