Hi,

I am getting some XSS Reflected and persistent alerts generated when a .xls or .pdf file contains unsantised XSS injection strings. I do not want to add an alert filter because it is an .asp page that generates these files and so there could be another XSS vulnerability on the page.

I was wondering if the XSS rule could check the Content-Type header and the file identifying line (first

Description

BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.

Code

import org.apache.commons.beanutils.BeanUtils;

public

Summary

Dependabot has identified several security vulnerabilities in the 3rd party libraries Pacbot relies on. In most cases, these vulnerabilities can be resolved by upgrading the library to the most current version.

Maintainers, if you're internal to T-Mobile, you should have been seeing these security alerts coming in over the last several weeks. *Please respond to these in a timely ma

The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number