DerScanner
Home / Vulnerability Database / Scala : File disclosure
Scala

Scala : File disclosure

Classification

OWASP Top 10 2013
A4-Insecure Direct Object References
OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access Control
OWASP ASVS
Files and Resources
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-1030

Overview

The application uses the method that causes a redirect with an unvalidated parameter from an untrusted source. This gives an attacker access to application binary files (including classes and jar files) and allows to view files in protected directories.

References

  1. OWASP Top 10 2017-A5-Broken Access Control
  2. CWE-552: Files or Directories Accessible to External Parties
  3. CWE-1030
MEDIUM

DerScanner Severity Score

Do you want to fix Scala : File disclosure in your application?

See also

Scala

Scala : Unreleased resource stream

Scala

Scala : Multiple loggers in same class

Scala

Scala : Insufficient encryption key length