In my Spring Java application, a scan tool is showing a vulnerability, Denial of Service: ReadLine, for the ModelAttribute ("someFormBean"):

    @RequestMapping(method = RequestMethod.POST)
    public String processForm(@Valid @ModelAttribute("someFormBean") MultipleForm form, /*Source*/
                              BindingResult bindingResult, Model model, HttpServletRequest request) {
        return processForm(form, bindingResult, model);
    }

What does it mean, and how do I fix it?
It seems that this is the answer: https://vulncat.fortify.com/en/detail?id=desc.dataflow.abap.denial_of_service
To quote:
Probably your scanner knows (or thinks it knows) how such an attribute is implemented in Spring, so it throws this inspection warning. If you could add any details as to which scanner tool it is, what version it has, which modules/configuration settings, etc., it would be easier to reason about this message.