Activities of "SaidAmer"
Hi Alper,
I have applied your suggestion but we still face the same issue, any ideas from your side?
Thanks, Said
Hi Support Team,
We have executed a security check via SonarQube but we received a security issue related to abp framework here are the details about this issue:
| Category | Log Injection | | -------------------- | ----------------------------------------------------------------- | | Review priority | LOW | | Details | Make sure that this logger's configuration is safe. |
Here are the links which might help you:
Configuring loggers is security-sensitive. It has led in the past to the following vulnerabilities:
CVE-2018-0285 CVE-2000-1127 CVE-2017-15113 CVE-2015-5742
How to fix see: OWASP Top 10 2017 Category A3 - Sensitive Data Exposure OWASP Top 10 2017 Category A10 - Insufficient Logging & Monitoring MITRE, CWE-532 - Information Exposure Through Log Files MITRE, CWE-117 - Improper Output Neutralization for Logs MITRE, CWE-778 - Insufficient Logging SANS Top 25 - Porous Defenses
- ABP Framework version: 6.0.1
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Exception message and stack trace: see the attached files
- Steps to reproduce the issue: Create a new project with abp framework then execute a security check with SonarQube.
Would you please give this issue a high priority we cannot proceed with abp framework without fixing this issue because we have a security audit from a third party?