Kotlin : Unsafe encoding

Classification

OWASP Top 10 2013

A6-Sensitive Data Exposure

OWASP Top 10 2017

A6-Security Misconfiguration

OWASP Top 10 2021

A5-Security Misconfiguration

OWASP MASVS

V6: 6.2.(L1/L2/L1+R/L2+R)

OWASP ASVS

Validation, Sanitization and Encoding Validation, Sanitization and Encoding

PCI DSS 4.0

6.2.4

CWE

CWE-176 CWE-1032

Overview

The used encoding algorithm does not provide complete protection against code injection. The encoding algorithms such as HTML-encode, JS-encode, URL-encode are not a sufficient protection.

References

CWE-176: Improper Handling of Unicode Encoding
OWASP: ESAPI Secure Coding Guideline
OWASP Top 10 2017-A6-Security Misconfiguration
CWE-180: Incorrect Behavior Order: Validate Before Canonicalize
CWE-174: Double Decoding of the Same Data
CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration

MEDIUM

Kotlin : Unsafe encoding

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Kotlin : Unsafe encoding in your application?

See also

Kotlin : Missing required cryptographic step

Kotlin : Logging into system output

Kotlin : Call of notify() in synchronized block