Xpath taint grpc
XPath queries are constructed dynamically from user-controlled input. This could lead to XPath injection if variables passed into the evaluate or compile calls are not properly sanitized. XPath injection could lead to unauthorized access to sensitive information in XML documents. Thoroughly sanitize user input or use parameterized XPath queries where possible.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-643: Improper Neutralization of Data within XPath Expressions (‘XPath Injection’)
OWASP:
- A03:2021 - Injection
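The following C# sketch is an added example, not code from the rule or from CodeAnt AI. It puts the flagged concatenation pattern beside a parameterized query that binds the value through `XsltContext`. The `XPathVars` helper, the `Demo` class, the sample XML and the `name` parameter (standing in for a field of a gRPC request message) are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml.XPath;
using System.Xml.Xsl;

// Hypothetical helper (not a framework type): resolves $variables to bound strings.
sealed class XPathVars : XsltContext
{
    private readonly Dictionary<string, string> _vars = new();
    public void Set(string name, string value) => _vars[name] = value;
    public override IXsltContextVariable ResolveVariable(string prefix, string name) =>
        _vars.TryGetValue(name, out var v) ? new Var(v) : throw new XPathException("Unbound variable: " + name);
    public override IXsltContextFunction ResolveFunction(string prefix, string name, XPathResultType[] argTypes) =>
        throw new XPathException("Unsupported function: " + name);
    public override bool Whitespace => true;
    public override bool PreserveWhitespace(XPathNavigator node) => true;
    public override int CompareDocument(string baseUri, string nextBaseUri) => 0;

    private sealed class Var : IXsltContextVariable
    {
        private readonly string _value;
        public Var(string value) => _value = value;
        public object Evaluate(XsltContext xsltContext) => _value; // always data, never parsed as XPath
        public bool IsLocal => false;
        public bool IsParam => true;
        public XPathResultType VariableType => XPathResultType.String;
    }
}

static class Demo
{
    // Constructed sample document.
    const string Xml = "<users><user name='alice' role='admin'/><user name='bob' role='user'/></users>";

    // Flagged pattern: the request value becomes part of the expression text.
    static int Unsafe(XPathNavigator nav, string name) =>
        nav.Select("/users/user[@name='" + name + "']").Count;

    // Parameterized: the expression text is constant; the value is bound as $name.
    static int Safe(XPathNavigator nav, string name)
    {
        var ctx = new XPathVars(); ctx.Set("name", name);
        var expr = XPathExpression.Compile("/users/user[@name=$name]");
        expr.SetContext(ctx);
        return nav.Select(expr).Count;
    }

    static void Main()
    {
        var nav = new XPathDocument(new StringReader(Xml)).CreateNavigator();
        string input = "x' or '1'='1"; // constructed input containing a quote
        Console.WriteLine($"concatenated matches: {Unsafe(nav, input)}, bound matches: {Safe(nav, input)}");
    }
}
```

In `Unsafe` the quote in the input closes the string literal and the rest is parsed as part of the predicate; in `Safe` the same input is only ever compared against `@name` as a literal string.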