
Information Disclosure: Vulnerable JavaScript Library

Identifier: frontend_potential_cve

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

This vulnerability arises when an application uses JavaScript libraries or frontend packages that have known, unfixed issues. It occurs when frontend dependencies are outdated or unpatched, and it can let attackers exploit weaknesses in your application, potentially accessing sensitive data or taking control of user sessions. Developers need to monitor third-party frontend packages and update them regularly to avoid these security gaps. Common causes are relying on legacy code or integrating external packages quickly without checking for recent security patches, which can leave frontend applications exposed to severe risks if not addressed.
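As an added illustration (not the scanner's own logic), the following sketch shows how a defender could audit a served page for script assets older than a known fixed version. The library names, fixed versions, sample HTML and all function names are constructed for this example, and the regex-based tag extraction is a simplification of real HTML parsing.

```javascript
// CONSTRUCTED advisory data: library names and fixed versions are
// placeholders, not real advisories. Replace with your own feed.
const FIXED_IN = new Map([
  ["examplelib", "3.5.0"],
  ["samplewidgets", "1.13.2"],
]);

// Numeric compare of dotted versions; a plain string compare would
// wrongly rank "1.13.10" below "1.13.2".
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Pull name and version out of a script URL, e.g.
// ".../examplelib-3.4.1.min.js" or ".../examplelib@3.4.1/dist/x.js".
function parseAsset(src) {
  const m = /([a-z][a-z0-9._-]*?)[-@\/]v?(\d+(?:\.\d+){1,2})/i.exec(src);
  return m ? { library: m[1].toLowerCase(), version: m[2] } : null;
}

// Return every <script src> whose library is known and older than its fix.
function findOutdated(html) {
  const findings = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const [, src] of html.matchAll(re)) {
    const asset = parseAsset(src);
    if (!asset) continue; // unversioned asset: nothing to compare
    const fixedIn = FIXED_IN.get(asset.library);
    if (fixedIn && compareVersions(asset.version, fixedIn) < 0) {
      findings.push({ ...asset, fixedIn, src });
    }
  }
  return findings;
}

// CONSTRUCTED sample page: one outdated asset, one patched, one unversioned.
const SAMPLE_HTML = `
<script src="https://cdn.example/libs/examplelib-3.4.1.min.js"></script>
<script src="/static/samplewidgets@1.13.10/dist/widgets.js"></script>
<script src="/static/app.js"></script>`;

console.log(findOutdated(SAMPLE_HTML));
```

Bundled or renamed assets carry no version in their URL, so a check like this complements, rather than replaces, dependency auditing at build time.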

Configuration

Example

Example configuration:

---
security_tests:
  frontend_potential_cve:
    assets_allowed:
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.