  1. Commons DBCP
  2. DBCP-450

Veracode Static Analysis indicates SQL injection in Commons DBCP jar


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Invalid
    • 2.0.1, 2.1.1
    • 2.2.0
    • Important

    Description

      Veracode Static scan has indicated 3 High severity SQL injection flaws in this jar

      Instances found via Static Scan
      Module # Class # Module Location Fix By Flaw Id
      8 - commons-dbcp2-2.1.1.jar .../DelegatingPreparedStatement.java 83 16477
      9 - commons-dbcp2-2.1.1.jar .../DelegatingStatement.java 291 16479
      17 - commons-dbcp2-2.1.1.jar .../PoolableConnectionFactory.java 325 16476

          People

            Unassigned Unassigned
            i-min.mau I-Min Mau