Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Android
- Aws-lambda
- Castor
- Java-jwt
- Jax-rs
- Jboss
- Jdo
- Jedis
- Jjwt
- Jsch
- Kryo
- Lang
- Micronaut
- Mongo
- Mongodb
- Mysql
- Okhttp
- Rmi
- Servlets
- Security
- Security
- Audit
- Castor-deserialization-deepsemgrep
- Crlf-injection-logs-deepsemgrep
- Crlf-injection-logs
- Httpservlet-path-traversal-deepsemgrep
- Httpservlet-path-traversal
- Kryo-deserialization-deepsemgrep
- No-direct-response-writer-deepsemgrep
- No-direct-response-writer
- Nosql-injection-servlets
- Objectinputstream-deserialization-servlets
- Servletresponse-writer-xss-deepsemgrep
- Servletresponse-writer-xss
- Tainted-cmd-from-http-request-deepsemgrep
- Tainted-cmd-from-http-request
- Tainted-code-injection-from-http-request-deepsemgrep
- Tainted-code-injection-from-http-request
- Tainted-ldapi-from-http-request-deepsemgrep
- Tainted-ldapi-from-http-request
- Tainted-session-from-http-request-deepsemgrep
- Tainted-session-from-http-request
- Tainted-sql-from-http-request-deepsemgrep
- Tainted-sql-from-http-request
- Tainted-ssrf-deepsemgrep-add
- Tainted-ssrf-deepsemgrep-format
- Tainted-ssrf-deepsemgrep
- Tainted-ssrf
- Tainted-xml-decoder-deepsemgrep
- Tainted-xml-decoder
- Tainted-xpath-from-http-request-deepsemgrep
- Tainted-xpath-from-http-request
- Xstream-anytype-deserialization-deepsemgrep
- Xxe
- Spring
- Thymeleaf
- Xstream
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Tainted-xpath-from-http-request-deepsemgrep
Tainted xpath from http request deepsemgrep
Detected input from a HTTPServletRequest going into a XPath evaluate or compile command. This could lead to xpath injection if variables passed into the evaluate or compile commands are not properly sanitized. Xpath injection could lead to unauthorized access to sensitive information in XML documents. Instead, thoroughly sanitize user input or use parameterized xpath queries if you can.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-643: Improper Neutralization of Data within XPath Expressions (‘XPath Injection’)
OWASP:
- A03:2021 - Injection