Potential CWE-113 vulnerability in OdataToEntity.AspNetCore

[dshalkhakov]

So I've run a SAST scan with a certain tool against OdataToEntity source code and it uncovered the following issue: CWE-113 in OdataToEntity.AspNetCore MoveNext() method.

It probably originates in some foreach but I couldn't pinpoint the exact location. It can probably can also be fixed by a filter/middleware that would clean the inputs.

Thoughts?

Cheers,
Dmitry

[voronov-maxim]

I need more information, I cannot find foreach where http headers are read.