Shibboleth Scan Findings from OWASP Scan Tool
cantor.2 at osu.edu
Wed Nov 24 15:14:29 UTC 2021
The former is a given, the XML code we use is long moribund and riddled with these sorts of bugs, that's why all this code is headed for the trash heap and being replaced with Java.
I have no idea what on earth it thinks the code is doing that makes it think there's a SQL call. I don't trust automated tools and I would imagine it's just making up things out of heuristics.
More information about the users