Story #15289: POC

[marob]

No description provided.

[vitam-prg]

Checkmarx One – Scan Summary & Details – 0b93950f-8246-4e4e-a707-a7a6b541d1e9

New Issues (5)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		Parameter_Tampering	/api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java: 45	details Method addMessage at line 45 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java gets user inp... Attack Vector
2		Parameter_Tampering	/api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java: 40	details Method createDiscussion at line 40 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java gets us... Attack Vector
3		Parameter_Tampering	/api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java: 45	details Method addMessage at line 45 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java gets user inp... Attack Vector
4		Parameter_Tampering	/api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java: 50	details Method resolveDiscussion at line 50 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java gets u... Attack Vector
5		Parameter_Tampering	/api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java: 55	details Method unresolveDiscussion at line 55 of /api/api-iam/iam/src/main/java/fr/gouv/vitamui/iam/server/discussion/rest/DiscussionController.java gets... Attack Vector

Fixed Issues (15)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CVE-2022-40152	Maven-com.fasterxml.woodstox:woodstox-core-6.2.6
	CVE-2023-44483	Maven-org.apache.santuario:xmlsec-2.3.0
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 106
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 65
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 105
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 105
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 106
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 81
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 105
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 106
	Log_Forging	/api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 65

---

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR