Bug
Resolution: Unresolved
Minor
A group of Findings has been pushed to JIRA to be investigated and fixed:
Group: Medium in test/PSSECAUT-317 / TEST / SnykCode Scan (SARIF)
Severity | CVE | CWE | Component | Version | Title | Status |
---|---|---|---|---|---|---|
Medium | None | [0\|] | None | None | jinja2.Environment Is Called With No Autoescape Argument (Autoescaping Is Disabled by Default). This Increases the Risk of Cross-Site Scripting [...] | Active |
Medium | None | [0\|] | None | None | jinja2.Environment Is Called With No Autoescape Argument (Autoescaping Is Disabled by Default). This Increases the Risk of Cross-Site Scripting [...] | Active |
Medium | None | [0\|] | None | None | jinja2.Environment Is Called With No Autoescape Argument (Autoescaping Is Disabled by Default). This Increases the Risk of Cross-Site Scripting [...] | Active |
Severity: Medium
Findings
jinja2.Environment Is Called With No Autoescape Argument (Autoescaping Is Disabled by Default). This Increases the Risk of Cross-Site Scripting [...]
Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974082 (2974082)
Severity: Medium
CVE: Unknown
Source File: sync2jira/downstream_issue.py
Source Line: 288
Description:
*Result message:* jinja2.Environment is called with no autoescape argument (autoescaping is disabled by default). This increases the risk of Cross-Site Scripting (XSS) attacks.
*Rule name:* Jinja2AutoEscapeFalse
*Rule short description:* Jinja auto-escape is set to false.
*Code flow:*
1. sync2jira/downstream_issue.py:L288:C19
Reporter: ccota
Findings
jinja2.Environment Is Called With No Autoescape Argument (Autoescaping Is Disabled by Default). This Increases the Risk of Cross-Site Scripting [...]
Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974083 (2974083)
Severity: Medium
CVE: Unknown
Source File: continuous-deployment/continuous_deployment.py
Source Line: 191
Description:
*Result message:* jinja2.Environment is called with no autoescape argument (autoescaping is disabled by default). This increases the risk of Cross-Site Scripting (XSS) attacks.
*Rule name:* Jinja2AutoEscapeFalse
*Rule short description:* Jinja auto-escape is set to false.
*Code flow:*
1. continuous-deployment/continuous_deployment.py:L191:C19
Reporter: ccota
Findings
jinja2.Environment Is Called With No Autoescape Argument (Autoescaping Is Disabled by Default). This Increases the Risk of Cross-Site Scripting [...]
Defect Dojo link: https://redhat-prodsec.cloud.defectdojo.com/finding/2974084 (2974084)
Severity: Medium
CVE: Unknown
Source File: sync2jira/main.py
Source Line: 466
Description:
*Result message:* jinja2.Environment is called with no autoescape argument (autoescaping is disabled by default). This increases the risk of Cross-Site Scripting (XSS) attacks.
*Rule name:* Jinja2AutoEscapeFalse
*Rule short description:* Jinja auto-escape is set to false.
*Code flow:*
1. sync2jira/main.py:L466:C19
Reporter: ccota