Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[C#] CWE-348: Use of less trusted source #683

Open
1 of 2 tasks
manunio opened this issue May 26, 2022 · 3 comments
Open
1 of 2 tasks

[C#] CWE-348: Use of less trusted source #683

manunio opened this issue May 26, 2022 · 3 comments
Labels
All For One

Comments

@manunio
Copy link

@manunio manunio commented May 26, 2022

Query PR

github/codeql#9339

Language

C#

CVE(s) ID list

  • CVE-20nn-nnnnn

CWE

CWE-348

Report

If an application trusts an HTTP request header like X-Forwarded-For to accurately specify the remote IP address of the connecting client.

Result(s)

Provide at least one useful result found by your query, on some revision of a real project.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

  • Yes
  • No

Blog post link

No response

@manunio manunio added the All For One label May 26, 2022
@antonio-morales
Copy link
Contributor

@antonio-morales antonio-morales commented Jun 22, 2022

Hi @manunio!

Did you report these results to the project developers?

@manunio
Copy link
Author

@manunio manunio commented Jun 22, 2022

Hi @antonio-morales i have not seen any recent activity in these projects, should i still report it ?

@antonio-morales
Copy link
Contributor

@antonio-morales antonio-morales commented Jun 29, 2022

@manunio Yes, cause we need a related CVE number in order to accept your submission :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
All For One
Projects
None yet
Development

No branches or pull requests

2 participants