LDAP Injection #367
Merged
LDAP Injection #367
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Approved for import into intermediate branch. |
|
Imported to intermediate branch. |
This was referenced Oct 17, 2023
nnons
pushed a commit
that referenced
this pull request
Nov 13, 2023
* Updating the SSRF category * Revert "Updating the SSRF category" This reverts commit 785bd8b. * Update SSRF classification from `Broken Access Control` to `Server Security Misconfiguration` * Update SSRF mappings in CVSS V3, CWE, and Remediation Advice files * Refactor SSRF category and split `External` variant into `GET Request Only` and `DNS Query Only` * Update CVSS V3 mapping to include the updated mappings for the `External` SSRF variant * PII-leakage-update FROM: P1 - Automotive Security Misconfiguration - Infotainment, Radio Head Unit - PII Leakage TO: P1 - Automotive Security Misconfiguration - Infotainment, Radio Head Unit - Sensitive data Leakage/Exposure Varies - Sensitive Data Exposure - Disclosure of Secrets - PII Leakage/Exposure * Update secure-code-warrior-links.json * Update remediation_advice.json * Update remediation_advice.json * Update cwe.json * Update cwe.json * Update cwe.json * Update cwe.json * Update cwe.json * Update cwe.json * Update cwe.json * Update remediation_advice.json * HTTP Request Smuggling Adding HTTP Request Smuggling as a new VRT entry. * Update remediation_advice.json * Update cvss_v3.json * Failure to invalidate session on permission change Adding Failure to invalidate session on permission change as a new VRT entry. * Update cwe.json * Update cwe.json * Update remediation_advice.json * Update cwe.json * Deprecation of XSS on IE11 REMOVE: P4 - Cross-Site Scripting (XSS) - IE-Only - IE11 FROM: P5 - Cross-Site Scripting (XSS) - IE-Only - Older Version (< IE11) TO: P5 - Cross-Site Scripting (XSS) - IE-Only * Update remediation_advice.json * LDAP Injection Adding LDAP Injection as a new VRT entry. * Update cwe.json * Update remediation_advice.json * Update cvss_v3.json * HTML-Injection Adding the category below to VRT: P5 - Server-Side Injection - Content Spoofing - HTML Content Injection * SSRF External Low Impact * new IDOR variants new IDOR variants * LDAP Injection (#367) * Update vulnerability-rating-taxonomy.json * Update cvss_v3.json * Update cvss_v3.json * New Changes LDAP Injection * Cryptographic Weakness Category #352 * New changes Cryptographic Weakness category * json parse error fix (#380) * hyphens to underscores in vrt items * Update remediation_advice.json * Update remediation_advice.json --------- Co-authored-by: Amal Murali <amalmurali47@gmail.com> Co-authored-by: Deepak Kumar Jha <Deepak.jha@bugcrowd.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding LDAP Injection as a new VRT entry.