This repository has been archived by the owner on Jun 13, 2019. It is now read-only.

Unscoped Find #14

Closed
10dot-owasp opened this issue Apr 20, 2016 · 0 comments

@10dot-owasp

Codeburner identified the following vulnerability in groupon/codeburner release a5dee0f228f0fce09d1ebbd31d3fa0e4ae23ee26:

Description: Unscoped Find
Severity: Low
Details: Unscoped call to Finding#find
http://brakemanscanner.org/docs/warning_types/unscoped_find/
Scanner: Brakeman
File: app/controllers/api/finding_controller.rb, Line: 225
Code:

Finding.find(params[:id])