Improper resource allocation - Buffer overflow
Description
Within the code there are unsafe statements that can affect the performance and response time of the application. See https://rules.sonarsource.com/java/RSPEC-1149?search=stringbuffer for more information.
Impact
Affect application performance.
Recommendation
Use the libraries that allow to execute the functions of concatenation and storage in collections in an optimized way (ArrayList and StringBuilder or SyncronizedList).
Threat
Attacker with access to the application.
Expected Remediation Time
⌚ 30 minutes.
Score
Default score using CVSS 3.1. It may change depending on the context of the src.
Base
- Attack vector: A
- Attack complexity: H
- Privileges required: L
- User interaction: N
- Scope: U
- Confidentiality: N
- Integrity: N
- Availability: L
Temporal
- Exploit code madurity: P
- Remediation level: X
- Report confidence: X
Result
- Vector string: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:X
- Score:
- Base: 2.6
- Temporal: 2.5
- Severity:
- Base: Low
- Temporal: Low
Requirements
- 072.Set maximum response time
- 158.Use a secure programming language
- 164.Use optimized structures
- 173.Discard unsafe inputs
Fixes
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.