Q
Detector Library
Ruby detectors (21/21)
SQL InjectionDivide by ZeroSensitive HTTP ActionInsufficient Protected CredentialsSensitive Information LeakUntrusted DeserializationLog InjectionXML External EntityPath InjectionHttp to File AccessCode InjectionOS Command InjectionResource leakCross Site Scripting (XSS)Untrusted OpenImproper Input ValidationStack Trace ExposureImproper Certificate Validationsend_file InjectionUnsafe File PermissionsTainted Format
Tag: top25-cwes
XML External Entity
Objects that parse or handle XML can lead to XML External Entity (XXE) attacks when misconfigured.
Code Injection
User input is used in eval command.
Resource leak
Allocated resources are not released properly.