Kotlin : File disclosure

Classification

OWASP Top 10 2013

A4-Insecure Direct Object References

OWASP Top 10 2017

A5-Broken Access Control

OWASP Top 10 2021

A1-Broken Access Control

OWASP ASVS

PCI DSS 4.0

HIPAA

CWE

Overview

The application uses the method that causes a redirect with an unvalidated parameter from an untrusted source. This gives an attacker access to application binary files (including classes and jar files) and allows to view files in protected directories.

References

OWASP Top 10 2017-A5-Broken Access Control
CWE-552: Files or Directories Accessible to External Parties
CWE-1030

MEDIUM

Kotlin : File disclosure

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Kotlin : File disclosure in your application?

See also

Kotlin : Missing required cryptographic step

Kotlin : Logging into system output

Kotlin : Call of notify() in synchronized block