Java : Unsafe encoding
Classification
- OWASP Top 10 2013
- OWASP Top 10 2017
- OWASP Top 10 2021
- OWASP MASVS
- PCI DSS 4.0
Overview
The encoding algorithm in use does not provide complete protection against code injection. Encoding algorithms such as HTML encoding, JavaScript encoding, and URL encoding are not sufficient protection.
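The ordering problems named in the referenced CWE-180 and CWE-174 entries, as an added example that is not part of the original page or of DerScanner: a check that runs before decoding is compared with one that canonicalizes first, rejects nested encoding, validates, and only then encodes for output. The class, the method names, the allow-list pattern and the sample inputs are assumptions constructed for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;

public class CanonicalizeBeforeValidate {

    // Weak order (CWE-180): the check runs on the raw value, decoding happens afterwards.
    static String validateThenDecode(String raw) {
        if (raw.contains("<") || raw.contains(">")) {
            throw new IllegalArgumentException("markup rejected");
        }
        return URLDecoder.decode(raw, StandardCharsets.UTF_8);
    }

    // Corrected order: decode to canonical form, refuse nested encoding (CWE-174), then validate.
    static String decodeThenValidate(String raw) {
        // URLDecoder throws IllegalArgumentException on a malformed escape, which also rejects the input.
        String once = URLDecoder.decode(raw, StandardCharsets.UTF_8);
        String twice = URLDecoder.decode(once, StandardCharsets.UTF_8);
        if (!once.equals(twice)) {
            throw new IllegalArgumentException("multiple encoding rejected");
        }
        if (!once.matches("[A-Za-z0-9 _.,-]{0,64}")) { // constructed allow-list for a display name
            throw new IllegalArgumentException("unexpected characters rejected");
        }
        return once;
    }

    // Minimal HTML-body encoder for the demo; a maintained encoder library is the production choice.
    static String encodeForHtmlBody(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#x27;");
    }

    public static void main(String[] args) {
        String[] samples = {                   // constructed inputs
            "Alice",
            "%3Cb%3EAlice%3C%2Fb%3E",          // <b>Alice</b>, URL-encoded once
            "%253Cb%253EAlice%253C%252Fb%253E" // the same value, URL-encoded twice
        };
        for (String raw : samples) {
            String weak = validateThenDecode(raw);
            String strict;
            try {
                strict = encodeForHtmlBody(decodeThenValidate(raw));
            } catch (IllegalArgumentException e) {
                strict = "REJECTED (" + e.getMessage() + ")";
            }
            System.out.printf("%-34s weak=%-24s strict=%s%n", raw, weak, strict);
        }
    }
}
```

The weak path returns markup for the once-encoded sample and a still-encoded value for the twice-encoded one, which a later decoding layer would turn into markup; the corrected path rejects both.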
References
- CWE-176: Improper Handling of Unicode Encoding
- OWASP: ESAPI Secure Coding Guideline
- OWASP Top 10 2017-A6-Security Misconfiguration
- CWE-180: Incorrect Behavior Order: Validate Before Canonicalize
- CWE-174: Double Decoding of the Same Data
- CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
DerScanner Severity Score: MEDIUM
