Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

False positive: XSS when MimeType.TEXT has been set #15055

Open
JLLeitschuh opened this issue Dec 9, 2023 · 1 comment
Open

False positive: XSS when MimeType.TEXT has been set #15055

JLLeitschuh opened this issue Dec 9, 2023 · 1 comment

Comments

@JLLeitschuh
Copy link
Contributor

Description of the false positive

tez-common/src/main/java/org/apache/tez/common/web/ProfileOutputServlet.java:63

URL to the alert on GitHub code scanning (optional)

https://github.com/OSS-Security-Assessments/apache__tez/security/code-scanning/16

False positive of Cross-Site Scripting because the content-type in the response has been set to MimeType.TEXT

@JLLeitschuh JLLeitschuh changed the title False positive False positive: XSS when MimeType.TEXT has been set Dec 9, 2023
@aibaars
Copy link
Contributor

aibaars commented Dec 11, 2023

Thanks for reporting. That's indeed a false positive. I'll ask the team to have a look.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants
@JLLeitschuh @aibaars and others