SAST flagged: Format strings can be influenced by an attacker
ps-vm opened this issue · comments
ps-vm commented
Please help prevent duplicate issues before submitting a new one:
- [ x] I've searched other open/closed issues for duplicates before opening up this new issue.
Report
Our SAST report picked up a high vulnerability within this library
- "If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134)."
What did you do?
Configured SAST to run within GitLab pipelines for our iOS project.
What did you expect to happen?
No high vulnerabilities
What happened instead?
Three high vulnerabilities related to this library has been flagged, two of which are in the cmark/config.h
file.
We're on the latest version of this library and need to be able to reduce all critical and high vulnerabilities in order to ensure we're releasing secure products.