
Include warning about intentional vulnerabilities #2

Open
cx-lucas-ferreira wants to merge 1 commit into PythonPackages from cx-lucas-ferreira-patch-1

Include warning about intentional vulnerabilities#2
cx-lucas-ferreira wants to merge 1 commit into
PythonPackagesfrom
cx-lucas-ferreira-patch-1

Conversation

@cx-lucas-ferreira


Add a notice about intentional vulnerabilities in the project.

@cx-lucas-ferreira

cx-lucas-ferreira commented Mar 5, 2026

Checkmarx One – Scan Summary & Details (33915c64-6390-44c3-a33c-fd2c719e096d)


New Issues (343)

Critical: 41 · High: 55 · Medium: 111 · Low: 136

AI Triage*: Suspected False Positive 3 · View triage analysis

Checkmarx found the following issues in this Pull Request

#   Severity  Issue  Source File / Package  Checkmarx Insight

1.  CRITICAL  CVE-2019-20477  Python-PyYAML-5.1  Vulnerable Package
    Recommended version: 5.4
    Description: PyYAML 5.1b1 through 5.1.2 has insufficient restrictions on the `load` and `load_all` functions because of a class deserialization issue. E.g., `Po...
    Attack Vector: NETWORK · Attack Complexity: LOW

2.  CRITICAL  CVE-2019-8341  Python-Jinja2-2.10  Vulnerable Package
    Recommended version: 3.1.6
    Description: An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" para...
    Attack Vector: NETWORK · Attack Complexity: LOW

3.  CRITICAL  CVE-2020-1747  Python-PyYAML-5.1  Vulnerable Package
    Recommended version: 5.4
    Description: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processe...
    Attack Vector: NETWORK · Attack Complexity: LOW

4.  CRITICAL  CVE-2023-37920  Python-certifi-2022.9.14  Vulnerable Package
    Recommended version: 2024.7.4
    Description: Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hos...
    Attack Vector: NETWORK · Attack Complexity: LOW

5.  CRITICAL  CVE-2024-53908  Python-Django-4.2.13  Vulnerable Package
    Recommended version: 4.2.28
    Description: An issue was discovered in Django versions 3.1a1 through 4.2.16, 5.0a1 through 5.0.9, and 5.1a1 through 5.1.3. Direct usage of the `django.db.model...
    Attack Vector: NETWORK · Attack Complexity: LOW

6.  CRITICAL  CVE-2025-59681  Python-Django-4.2.13  Vulnerable Package
    Recommended version: 4.2.28
    Description: An issue was discovered in Django versions 4.2.x prior to 4.2.25, 5.0.x prior to 5.1.13, 5.2.x prior to 5.2.7, and 6.0a1. 'QuerySet.annotate()', 'Q...
    Attack Vector: NETWORK · Attack Complexity: LOW

7.  CRITICAL  CVE-2025-64459  Python-Django-4.2.13  Vulnerable Package
    Recommended version: 4.2.28
    Description: An issue was discovered in Django versions through 4.2.26, 5.1.x prior to 5.1.14, 5.2.x prior to 5.2.8, and 6.0x through 6.0b1. NFKC normalization ...
    Attack Vector: NETWORK · Attack Complexity: LOW

8.  CRITICAL  Code_Injection  /app/views/blabController.py: 326  Attack Vector
    The application's blabbers method receives and dynamically executes user-controlled code using eval, at line 348 of /app/views/blabController.py...

9.  CRITICAL  Command_Injection  /app/views/toolsController.py: 29  Attack Vector
    The application's fortune method calls an OS (shell) command with BinaryExpr, at line 68 of /app/views/toolsController.py, using an untrusted st...

10. CRITICAL  SQL_Injection  /app/views/userController.py: 384  Attack Vector
    The application's processRegisterFinish method executes an SQL query with execute, at line 420 of /app/views/userController.py. The application c...

11. CRITICAL  SQL_Injection  /app/views/userController.py: 209  Attack Vector
    The application's showTotp method executes an SQL query with execute, at line 227 of /app/views/userController.py. The application constructs thi...

12. CRITICAL  SQL_Injection  /app/views/userController.py: 467  Attack Vector
    The application's showProfile method executes an SQL query with execute, at line 523 of /app/views/userController.py. The application constructs ...

13. CRITICAL  SQL_Injection  /app/views/userController.py: 467  Attack Vector
    The application's showProfile method executes an SQL query with execute, at line 513 of /app/views/userController.py. The application constructs ...

14. CRITICAL  SQL_Injection  /app/views/userController.py: 467  Attack Vector
    The application's showProfile method executes an SQL query with execute, at line 494 of /app/views/userController.py. The application constructs ...

15. CRITICAL  SQL_Injection  /app/views/userController.py: 554  Attack Vector
    The application's updateUsername method executes an SQL query with execute, at line 774 of /app/views/userController.py. The application construc...

16. CRITICAL  SQL_Injection  /app/views/userController.py: 405  Attack Vector
    The application's processRegisterFinish method executes an SQL query with execute, at line 420 of /app/views/userController.py. The application c...

17. CRITICAL  SQL_Injection  /app/views/userController.py: 554  Attack Vector
    The application's usernameExists method executes an SQL query with execute, at line 733 of /app/views/userController.py. The application construc...

18. CRITICAL  SQL_Injection  /app/views/userController.py: 391  Attack Vector
    The application's processRegisterFinish method executes an SQL query with execute, at line 420 of /app/views/userController.py. The application c...

19. CRITICAL  SQL_Injection  /app/views/userController.py: 209  Attack Vector
    The application's processTotp method executes an SQL query with execute, at line 261 of /app/views/userController.py. The application constructs ...

20. CRITICAL  SQL_Injection  /app/views/blabController.py: 275  Attack Vector
    The application's blabbers method executes an SQL query with execute, at line 300 of /app/views/blabController.py. The application constructs thi...

21. CRITICAL  SQL_Injection  /app/views/userController.py: 406  Attack Vector
    The application's processRegisterFinish method executes an SQL query with execute, at line 420 of /app/views/userController.py. The application c...

More results are available on the CxOne platform


Policy Management Violations (1)
Policy Name: Default policy (the default policy that applies to all projects in your account)
  • Rule Name: New vulnerabilities of Critical and High severity levels detected
    Scanner: SCA, SAST

*AI agents that triage & remediate new issues in your PR scan. Learn more

Use @Checkmarx to interact with Checkmarx PR Assistant. New: ask the AI agent for remediation and automatically create a new pull request.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
@Checkmarx remediate issues 1, 2, 7
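The SQL_Injection and Command_Injection rows in the summary above describe the same shape of defect: an untrusted string reaches a sink (a query text built by concatenation and passed to `execute`, or a shell command line). What follows is an added example written for this page, not code from this repository or from Checkmarx. It shows each flagged pattern beside its hardened form, using `sqlite3` (the triage comment further down says the app runs on SQLite3) and `subprocess`. The table, columns, function names and attacker inputs are constructed for illustration, and `echo` stands in for the `fortune` binary so the block runs on any host with /bin/sh.

```python
"""
Added example (not the project's userController.py / toolsController.py):
the two injection patterns from the SAST findings, each beside a fix.

Constructed here: the in-memory users table, the function names and the
attacker-controlled inputs used in demo().
"""
import sqlite3
import subprocess


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a throwaway in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?)", [("alice",), ("bob",), ("carol",)]
    )
    return conn


def username_exists_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Mirrors the flagged pattern: the query text is assembled by string
    concatenation, so a quote character in `username` becomes SQL syntax."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def username_exists_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the value is bound as a parameter. The query text is a
    constant, so input can only ever be compared as data, never parsed."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def fortune_vulnerable(cookie_text: str) -> str:
    """Mirrors the Command_Injection finding: untrusted text is interpolated
    into a command line that a shell then parses (shell=True)."""
    cmd = "echo " + cookie_text  # `echo` stands in for the real binary
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def fortune_safe(cookie_text: str) -> str:
    """Hardened form: argv list and no shell, so the whole string is a single
    argument and `;`, `|`, backticks and friends are inert."""
    return subprocess.run(["echo", cookie_text], capture_output=True, text=True).stdout


def demo() -> dict:
    """Run both pairs against constructed attacker input and return the
    observable difference."""
    conn = make_db()
    tautology = "x' OR '1'='1"          # constructed: classic boolean bypass
    injected = "hello; echo INJECTED"   # constructed: second shell command
    return {
        "sqli_vulnerable": username_exists_vulnerable(conn, tautology),
        "sqli_safe": username_exists_safe(conn, tautology),
        "cmd_vulnerable": fortune_vulnerable(injected),
        "cmd_safe": fortune_safe(injected),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

With parameter binding the tautology is just a username that matches nothing, and with an argv list the injected text is printed literally rather than executed. One caveat on the command side: dropping the shell removes shell interpretation, but the target program still parses its own arguments (a value starting with `-` may be read as an option), so validate the value as well as fixing the call.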

@cx-lucas-ferreira

Checkmarx One – AI Triage (33915c64-6390-44c3-a33c-fd2c719e096d)


1. CVE-2019-20477 · Critical · Suspected False Positive

Triage context: Not Reachable · Not Exploitable

PyYAML 5.1 with CVE-2019-20477 is declared as a direct dependency in requirements.txt but is completely unused throughout the application codebase. Comprehensive searches found zero imports or usage of the yaml module across all 27 Python files. The vulnerable yaml.load() and yaml.load_all() functions are never called, making the deserialization vulnerability unreachable and unexploitable despite the vulnerable package being installed.


3. CVE-2020-1747 · Critical · Suspected False Positive

Triage context: Not Reachable · Not Exploitable

PyYAML 5.1 (vulnerable to CVE-2020-1747) is present as a dependency but completely unused in the application. Comprehensive searches found no yaml imports, no calls to vulnerable functions (yaml.full_load() or yaml.FullLoader), and no YAML processing anywhere in the codebase. While the vulnerable library is installed, it presents no exploitable attack surface since the application never invokes any PyYAML functionality.


6. CVE-2025-59681 · Critical · Suspected False Positive

Triage context: Not Reachable · Not Exploitable

While the application uses vulnerable Django 4.2.13, the CVE-2025-59681 SQL injection vulnerability is not exploitable due to two independent protective factors: (1) the codebase does not use any of the vulnerable Django ORM methods (annotate(), alias(), aggregate(), extra()) and instead relies exclusively on raw SQL queries, and (2) the application uses SQLite3 as its database backend rather than the affected MySQL/MariaDB engines.


8. Code_Injection · Critical

Triage context: Reachable · Exploitable

The verification checklist confirms a critical code injection vulnerability in /app/views/blabController.py where user input flows directly from request.POST.get() at line 326 to eval() at line 348 with zero security controls. The vulnerable endpoint is mapped to '/blabbers' and requires only basic session authentication, meaning any registered user can exploit it. The @csrf_exempt decorator removes CSRF protection, enabling cross-site exploitation, and no validation, sanitization, or authorization checks exist to prevent arbitrary code execution.


Use @Checkmarx to interact with Checkmarx PR Assistant. New: ask the AI agent for remediation and automatically create a new pull request.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx remediate issues 1, 2, 7
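Triage entries 1, 3 and 6 above rest on a single claim: nothing in the application's own Python files imports the vulnerable package or calls the affected API. The following is an added example, not part of this thread or of the project, of the static check behind that claim: parse every `.py` file with `ast`, collect the top-level modules imported, and compare them with the pins in `requirements.txt`. The sample project tree, its requirements file and the distribution-to-module table are constructed here; on a real repository you would point `reachability_report` at the checkout root and take the mapping from `importlib.metadata.packages_distributions()`.

```python
"""
Added example (not the thread's or the project's code): a static
"is the pinned package even imported?" check of the kind the triage
entries describe.

Constructed here: the sample project tree written to a temp dir, its
requirements.txt, and the IMPORT_NAMES table. Function names are hypothetical.
"""
import ast
import tempfile
from pathlib import Path

# Distribution name (as pinned, lower-cased) -> top-level module it provides.
# Hand-built for the packages in the scan above; a real run should take this
# from importlib.metadata.packages_distributions().
IMPORT_NAMES = {
    "pyyaml": "yaml",
    "jinja2": "jinja2",
    "django": "django",
    "certifi": "certifi",
}


def pinned_packages(requirements_text: str) -> dict:
    """Parse 'name==version' pins; comments and blank lines are skipped."""
    pins = {}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        pins[name.strip().lower()] = version.strip()
    return pins


def imported_modules(source: str) -> set:
    """Top-level module names imported by one file. Walking the AST instead
    of grepping means 'yaml' inside a string or comment does not count."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            found.add(node.module.split(".")[0])  # relative imports are local code
    return found


def reachability_report(root) -> dict:
    """For every pin: its version and whether any .py file under `root`
    imports the module that distribution provides."""
    root = Path(root)
    pins = pinned_packages((root / "requirements.txt").read_text())
    used = set()
    for py_file in root.rglob("*.py"):
        used |= imported_modules(py_file.read_text())
    return {
        dist: {"version": version, "imported": IMPORT_NAMES.get(dist, dist) in used}
        for dist, version in pins.items()
    }


def build_sample_tree() -> Path:
    """Constructed stand-in for the repository: PyYAML and certifi are pinned
    but never imported; Django and Jinja2 are imported."""
    root = Path(tempfile.mkdtemp())
    (root / "requirements.txt").write_text(
        "PyYAML==5.1\nJinja2==2.10\nDjango==4.2.13\ncertifi==2022.9.14\n"
    )
    (root / "app").mkdir()
    (root / "app" / "views.py").write_text(
        "from django.http import HttpResponse\nimport jinja2\n"
        "# 'import yaml' mentioned in a comment must not count\n"
    )
    (root / "app" / "models.py").write_text("from django.db import models\n")
    return root


def demo() -> dict:
    return reachability_report(build_sample_tree())


if __name__ == "__main__":
    for dist, info in demo().items():
        status = "imported" if info["imported"] else "NOT imported"
        print(f"{dist}=={info['version']}: {status}")
```

Two caveats before accepting "not reachable" on the strength of a scan like this. First, the app's own files are not the only importer: a framework can pull the module in (Django's YAML serializer backend imports `yaml` itself), as can plugins or `importlib` calls, so pair the static scan with a runtime look at `sys.modules` under representative traffic. Second, an import is not a call: for the PyYAML CVEs the question is whether `yaml.load`/`yaml.load_all`/`yaml.full_load` run on attacker-influenced input, and the clean outcome of this check only establishes the weaker fact that the app itself never imports the module.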

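Triage entry 8 describes the reachable path in the blabbers view: a value from `request.POST.get()` travels untouched to `eval()`. The following is an added illustration written for this page, not the repository's blabController.py: a Django-free simulation in which the POST body is a plain dict, the field is called `sort` and is assumed to carry a quoted column name used to order the blabber list (both the field name and its purpose are hypothetical; the page does not say what the real field is). The payload makes the code execution observable with a harmless side effect, and the hardened version replaces `eval()` with an allowlist lookup.

```python
"""
Added example (not the project's blabController.py): the
request.POST.get() -> eval() flow from triage entry 8, simulated without
Django, beside an allowlist replacement.

Hypothetical, not from this page: the POST field "sort" and its meaning.
"""
import os
from typing import Any, Callable

# Constructed sample rows standing in for the result of the blabbers query.
BLABBERS = [
    {"username": "carol", "blabs": 3},
    {"username": "alice", "blabs": 7},
    {"username": "bob", "blabs": 5},
]


def blabbers_vulnerable(post: dict) -> list:
    """Mirrors the flagged pattern: the field value is handed straight to
    eval(), so any Python expression the client sends runs on the server."""
    sort_key = eval(post.get("sort", "'username'"))  # deliberately vulnerable
    return sorted(BLABBERS, key=lambda row: row[sort_key])


# Hardened form: the client may only name an entry in a fixed table, and the
# server never evaluates client-supplied text.
SORT_KEYS: dict[str, Callable[[dict], Any]] = {
    "username": lambda row: row["username"],
    "blabs": lambda row: row["blabs"],
}


def blabbers_safe(post: dict) -> list:
    choice = post.get("sort", "username")
    if choice not in SORT_KEYS:
        raise ValueError(f"unsupported sort key: {choice!r}")
    return sorted(BLABBERS, key=SORT_KEYS[choice])


# Constructed attacker input: runs arbitrary code (here a harmless, observable
# side effect: setting an environment variable) and still evaluates to a valid
# column name, so the page renders normally and nothing looks wrong.
PAYLOAD = "(__import__('os').environ.__setitem__('CX_DEMO_PWNED', '1'), 'username')[1]"


def demo() -> dict:
    """Send the payload to both views and report what each one did."""
    os.environ.pop("CX_DEMO_PWNED", None)
    result = {}
    result["vulnerable_rows"] = blabbers_vulnerable({"sort": PAYLOAD})
    result["vulnerable_side_effect"] = os.environ.get("CX_DEMO_PWNED")
    try:
        blabbers_safe({"sort": PAYLOAD})
        result["safe_rejected"] = False
    except ValueError:
        result["safe_rejected"] = True
    result["safe_rows"] = blabbers_safe({"sort": "blabs"})
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The vulnerable view returns a correctly sorted list while the attacker's expression has already executed; the allowlist version rejects the same input outright and needs no parsing of user text at all. The triage entry also points at `@csrf_exempt` and session-only access on the same endpoint; removing the `eval()` sink closes the code-execution path, but restoring CSRF protection and adding an authorization check on the action are separate fixes.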