Nosql-injection-servlets
Nosql injection servlets
nosql-injection-servlets
nosql-injection-servlets
Untrusted input might be used to build a database query, which can lead to a NoSQL injection vulnerability. An attacker can execute malicious NoSQL statements and gain unauthorized access to sensitive data, modify, delete data, or execute arbitrary system commands. Make sure all user input is validated and sanitized, and avoid if possible to use it to construct the NoSQL statement.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 8
- 9
- :
-
- I
- m
- p
- r
- o
- p
- e
- r
-
- N
- e
- u
- t
- r
- a
- l
- i
- z
- a
- t
- i
- o
- n
-
- o
- f
-
- S
- p
- e
- c
- i
- a
- l
-
- E
- l
- e
- m
- e
- n
- t
- s
-
- u
- s
- e
- d
-
- i
- n
-
- a
- n
-
- S
- Q
- L
-
- C
- o
- m
- m
- a
- n
- d
-
- (
- ’
- S
- Q
- L
-
- I
- n
- j
- e
- c
- t
- i
- o
- n
- ’
- )
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 8
- 9
- :
-
- I
- m
- p
- r
- o
- p
- e
- r
-
- N
- e
- u
- t
- r
- a
- l
- i
- z
- a
- t
- i
- o
- n
-
- o
- f
-
- S
- p
- e
- c
- i
- a
- l
-
- E
- l
- e
- m
- e
- n
- t
- s
-
- u
- s
- e
- d
-
- i
- n
-
- a
- n
-
- S
- Q
- L
-
- C
- o
- m
- m
- a
- n
- d
-
- (
- ’
- S
- Q
- L
-
- I
- n
- j
- e
- c
- t
- i
- o
- n
- ’
- )
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection