Code Security Report: 1 findings [main]

[mend-developer-platform-dev]

Code Security Report

Scan Metadata

Latest Scan: 2025-09-17 07:59AM
Total Findings: 1 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 2
Detected Programming Languages: 1 (Java*)

Most Relevant Findings

The list below presents the 1 most relevant finding that need your attention.

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
Low	Log Forging	CWE-117	MainController.java:18	1	2025-09-17 07:59AM
Vulnerable Code log4shell-vulnerable-app/src/main/java/fr/christophetd/log4shell/vulnerableapp/MainController.java Lines 14 to 22 in 998e25d private static final Logger logger = LogManager.getLogger("HelloWorld"); @GetMapping("/") public String index(@RequestHeader("X-Api-Version") String apiVersion) { logger.info("Received a request for API version " + apiVersion); return "Hello, world!"; } } Data Flows (1 detected) log4shell-vulnerable-app/src/main/java/fr/christophetd/log4shell/vulnerableapp/MainController.java Line 17 in 998e25d public String index(@RequestHeader("X-Api-Version") String apiVersion) { log4shell-vulnerable-app/src/main/java/fr/christophetd/log4shell/vulnerableapp/MainController.java Line 18 in 998e25d logger.info("Received a request for API version " + apiVersion); log4shell-vulnerable-app/src/main/java/fr/christophetd/log4shell/vulnerableapp/MainController.java Line 17 in 998e25d public String index(@RequestHeader("X-Api-Version") String apiVersion) { log4shell-vulnerable-app/src/main/java/fr/christophetd/log4shell/vulnerableapp/MainController.java Line 18 in 998e25d logger.info("Received a request for API version " + apiVersion); Secure Code Warrior Training Material 🎓 Training Secure Code Warrior Log Forging Training 📺 Videos Secure Code Warrior Log Forging Video 📚 Further Reading OWASP Log Forging

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
Low	Log Forging	CWE-117	Java*	1