Details
Alert Id 30002
Alert Type Active
Status release
Risk Medium
CWE 134
WASC 6
Tags OWASP_2017_A01
OWASP_2021_A03

Summary

A Format String error occurs when the submitted data of an input string is evaluated as a command by the application.

Solution

Rewrite the background program using proper deletion of bad character strings. This will require a recompile of the background executable.

References

Code

org/zaproxy/zap/extension/ascanrules/FormatStringScanRule.java