File Inclusion #20406
Replies: 2 comments 1 reply
-
|
Obviously, that's a false positive since there are no HTTP headers in console. |
Beta Was this translation helpful? Give feedback.
-
Can anyone provide suggestions to fix the XSS issue? |
Beta Was this translation helpful? Give feedback.
-
|
There is no XSS issue. It is a console. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi Team! While running a vulnerability test using Snyk tool, I encountered a "File Inclusion" issue in the {project_name}\vendor\yiisoft\yii2\console\Application.php file, specifically at line no - 108. The issue is described as: Unsanitized input from an HTTP header flows into require, where it is included dynamically. Allowing unvalidated user input to control files that are included dynamically in PHP can lead to malicious code execution.
I'm currently using "yiisoft/yii2": ">=2.0.5",
Could you please help me resolve this? Thanks in advance!
File Path : https://github.com/yiisoft/yii2/blob/master/framework/console/Application.php
Beta Was this translation helpful? Give feedback.
All reactions