      A group of Findings has been pushed to JIRA to be investigated and fixed:

      Group

      Group: TEST in test/product / 2024-04-23 / SnykCode Scan (SARIF)

      Severity: High

      Findings

      jinja2.Environment Is Called With No Autoescape Argument (Autoescaping Is Disabled by Default). This Increases the Risk of Cross-Site Scripting [...]

      Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974080 (2974080)
      Severity: High

      CVE: Unknown

      Source File: continuous-deployment/continuous_deployment.py

      Source Line: 191

      Description:
      *Result message:* jinja2.Environment is called with no autoescape argument (autoescaping is disabled by default). This increases the risk of Cross-Site Scripting (XSS) attacks.
      *Rule name:* Jinja2AutoEscapeFalse
      *Rule short description:* Jinja auto-escape is set to false.
      *Code flow:*
      1. continuous-deployment/continuous_deployment.py:L191:C19

      Reporter: (ccota) ()

      Findings

      jinja2.Environment Is Called With No Autoescape Argument (Autoescaping Is Disabled by Default). This Increases the Risk of Cross-Site Scripting [...]

      Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974081 (2974081)
      Severity: High

      CVE: Unknown

      Source File: sync2jira/main.py

      Source Line: 466

      Description:
      *Result message:* jinja2.Environment is called with no autoescape argument (autoescaping is disabled by default). This increases the risk of Cross-Site Scripting (XSS) attacks.
      *Rule name:* Jinja2AutoEscapeFalse
      *Rule short description:* Jinja auto-escape is set to false.
      *Code flow:*
      1. sync2jira/main.py:L466:C19

      Reporter: (ccota) ()

      Findings

      jinja2.Environment Is Called With No Autoescape Argument (Autoescaping Is Disabled by Default). This Increases the Risk of Cross-Site Scripting [...]

      Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974079 (2974079)
      Severity: High

      CVE: Unknown

      Source File: sync2jira/downstream_issue.py

      Source Line: 288

      Description:
      *Result message:* jinja2.Environment is called with no autoescape argument (autoescaping is disabled by default). This increases the risk of Cross-Site Scripting (XSS) attacks.
      *Rule name:* Jinja2AutoEscapeFalse
      *Rule short description:* Jinja auto-escape is set to false.
      *Code flow:*
      1. sync2jira/downstream_issue.py:L288:C19

      Reporter: (ccota) ()