python · flawfinder
Heads-up
flawfinder: Terminal Escape Sequence and XML Injection via Improper Input Neutralization
What changed
Improper input neutralization in flawfinder leads to Terminal/ANSI Escape Sequence Injection and XML Injection, allowing output manipulation such as hiding scan results or corrupting CSV/SonarQube outputs.
Who it affects
Users who use flawfinder to evaluate intentionally malicious filenames or file contents.
What to do today
Upgrade to flawfinder version 2.0.20 or later immediately using pip install --upgrade flawfinder, or update the GitHub Actions workflow to the david-a-wheeler action at version 2.0.20.
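As an added illustration (not code from flawfinder or its maintainers), this Python sketch shows the neutralization the advisory calls for: stripping escape sequences before terminal output, escaping before XML output, and letting the csv module quote fields. The function names and the sample filename are constructed for the example.

```python
import csv
import io
import re
from xml.sax.saxutils import escape

# Matches ANSI escape sequences and stray control characters:
# CSI (ESC [ ... final byte), OSC (ESC ] ... BEL or ESC \), other two-byte
# ESC sequences, and C0 controls except TAB (CR/LF included, since a newline in a
# filename could forge extra output lines), plus DEL.
_ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI, e.g. ESC[31m
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"   # OSC, e.g. terminal title changes
    r"|\x1b[@-Z\\-_]"                       # remaining two-byte escapes
    r"|[\x00-\x08\x0a-\x1f\x7f]"            # C0 controls (not TAB) and DEL
)


def neutralize_for_terminal(text: str) -> str:
    """Strip escape sequences and control characters from untrusted text before
    printing it, so a filename cannot redraw, recolour or erase scan output."""
    return _ANSI_RE.sub("", text)


def neutralize_for_xml(text: str) -> str:
    """Escape untrusted text for use as XML element content, so a filename cannot
    close the enclosing element and inject markup; controls are stripped first
    because most are not legal XML 1.0 characters anyway."""
    return escape(_ANSI_RE.sub("", text))


def csv_row(filename: str, line: int, message: str) -> str:
    """Serialise one finding with the csv module, which quotes any field holding a
    comma, quote or newline instead of letting it split or corrupt the row."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerow([filename, line, message])
    return buf.getvalue()


# Constructed sample: a filename carrying an escape sequence, XML markup and a delimiter.
UNTRUSTED_NAME = 'safe.c\x1b[31m,<hit severity="0"/>\x1b[0m'

if __name__ == "__main__":
    print(neutralize_for_terminal(UNTRUSTED_NAME))
    print(neutralize_for_xml(UNTRUSTED_NAME))
    print(csv_row(neutralize_for_terminal(UNTRUSTED_NAME), 12, "strcpy"), end="")
```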