Update README.md

[cx-nitzan-massader]

No description provided.

[cx-nitzan-massader]

Checkmarx One – Scan Summary & Details – 0fb464cd-5208-42d7-bc12-cf59bf0974bd

New Issues (34)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	SQL_Injection	/encode.frm: 42	details The application's method executes an SQL query with openrecordset, at line 52 of /encode.frm. The application constructs this SQL query by embeddi... Attack Vector
	SQL_Injection	/encode.frm: 41	details The application's method executes an SQL query with openrecordset, at line 52 of /encode.frm. The application constructs this SQL query by embeddi... Attack Vector
	CVE-2015-2575	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: MySQL Connector/J before 5.1.35 is vulnerable to SQL Injection. The function quoteIdentifier() in the file src/com/mysql/jdbc/StringUtils.java does... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	CVE-2017-3523	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and ea... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
	CVE-2018-3258	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and pr... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	Cx039cb67c-ead3	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: MySQL Connector/J before 5.1.37 is vulnerable to Memory Leak. The method methodCompressedInputStream.getNextPacketFromServer() of src/com/mysq/jdbc... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	Cx6f651376-312a	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: MySQL Connector/J before version 5.1.44 and 6.x is vulnerable to memory leak. When using cached server-side prepared statements, a memory leak occu... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	Cx7ef609d2-efb5	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: MySQL Connector/J before 5.1.31 is vulnerable to Memory Leak. Upon continuous interruption between the server and the database, the dead connection... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	Missing User Instruction	/Dockerfile: 1	details A user should be specified in the dockerfile, otherwise the image will run as root
	Add Instead of Copy	/Dockerfile: 8	details Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
	Add Instead of Copy	/Dockerfile: 7	details Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.
	CVE-2017-3586	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and ea... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	CVE-2019-11358	Npm-jquery-3.2.1	details Recommended version: 3.5.0 Description: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollu... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	CVE-2019-2692	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and pr... Attack Vector: LOCAL Attack Complexity: HIGH Vulnerable Package
	CVE-2020-11023	Npm-jquery-3.2.1	details Recommended version: 3.5.0 Description: In jQuery versions 1.0.3 through 3.4.1, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQu... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	CVE-2020-15250	Maven-junit:junit-4.10	details Recommended version: 4.13.1 Description: In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like sys... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
	CVE-2020-2875	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior a... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
	CVE-2020-2934	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior a... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
	CVE-2021-2471	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). This vulnerability affects versions through 8.0.26. Difficu... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
	CVE-2022-21363	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. ... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
	CVE-2024-34517	Maven-org.neo4j:neo4j-cypher-1.8.1	details Recommended version: 4.4.35 Description: The "Cypher" component in Neo4j versions prior to 5.19.0 mishandles IMMUTABLE privileges in some situations where an attacker already has admin acc... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	Hardcoded_password_in_Connection_String	/encode.frm: 67	details The application contains hardcoded connection details, ""connection string"", at line 67 of /encode.frm. This connection string contains a hardcode... Attack Vector
	Image Version Using 'latest'	/Dockerfile: 1	details When building images, always tag them with useful tags which codify version information, intended destination (prod or test, for instance), stabili...
	Parameter_Tampering	/encode.frm: 65	details Method at line 65 of /encode.frm gets user input from element text. This input is later concatenated by the application directly into a string var... Attack Vector
	Privacy_Violation	/encode.frm: 42	details Method at line 42 of /encode.frm sends user information outside the application. This may constitute a Privacy Violation. Attack Vector
	Privacy_Violation	/encode.frm: 11	details Method at line 11 of /encode.frm sends user information outside the application. This may constitute a Privacy Violation. Attack Vector
	Unpinned Package Version in Apk Add	/Dockerfile: 1	details Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
	CVE-2017-3589	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and ea... Attack Vector: LOCAL Attack Complexity: LOW Vulnerable Package
	CVE-2020-2933	Maven-mysql:mysql-connector-java-5.1.18	details Recommended version: 8.0.28 Description: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. ... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
	Curl or Wget Instead of Add	/Dockerfile: 7	details Use of Curl or Wget should be done instead of Add to fetch packages from remote URLs due to the use of Add being strongly discouraged
	Curl or Wget Instead of Add	/Dockerfile: 8	details Use of Curl or Wget should be done instead of Add to fetch packages from remote URLs due to the use of Add being strongly discouraged
	Healthcheck Instruction Missing	/Dockerfile: 1	details Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
	MAINTAINER Instruction Being Used	/Dockerfile: 2	details The MAINTAINER instruction sets the Author field of the generated images. The LABEL instruction is a much more flexible version of this and you sho...
	Multiple RUN, ADD, COPY, Instructions Listed	/Dockerfile: 7	details Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.