
Information Disclosure: Vulnerable Package

Identifier: potential_cve

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

This vulnerability comes from using programs or libraries with known issues that haven't been fixed. It occurs when software is outdated or unpatched, and it can allow attackers to exploit weak spots in your system, potentially accessing sensitive data or even taking control of machines. Developers need to keep track of third-party packages and update them regularly to avoid these security gaps. Common causes are relying on legacy code and quickly integrating external packages without checking for recent security patches, either of which can leave systems exposed to severe risks if not addressed.
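
The kind of dependency check described above, as an added example that is not part of the scanner or its documentation: it compares pinned versions in a requirements-style manifest against advisory records and reports pins older than the first fixed release. The package names, advisory IDs and versions are constructed placeholders, and describing each advisory by a single "first fixed version" is a simplifying assumption.

```python
import re

# Constructed advisory data: package -> [(placeholder advisory id, first fixed version)].
ADVISORIES = {
    "examplelib": [("EXAMPLE-ADV-0001", "2.4.1")],
    "samplehttp": [("EXAMPLE-ADV-0002", "1.10.0"), ("EXAMPLE-ADV-0003", "1.9.3")],
}
# Exact pins only ("name==1.2.3"); an optional trailing comment is allowed.
PIN = re.compile(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9]+(?:\.[0-9]+)*)\s*(?:#.*)?$")


def parse_version(text):
    """Turn '1.10.0' into (1, 10) so 1.10.0 sorts after 1.9.3 and 2.4 equals 2.4.0."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()  # drop trailing zeros so tuple comparison is numeric
    return tuple(parts)


def audit(requirements_text, advisories=ADVISORIES):
    """Return (findings, unpinned); findings are pins older than a fixed version."""
    findings, unpinned = [], []
    for raw in requirements_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = PIN.match(line)
        if not match:
            unpinned.append(line)  # version unknown, so it cannot be cleared
            continue
        name, version = match.group(1).lower(), match.group(2)
        for advisory_id, fixed_in in advisories.get(name, []):
            if parse_version(version) < parse_version(fixed_in):
                findings.append((name, version, advisory_id, fixed_in))
    return findings, unpinned


# Constructed manifest for the demonstration.
SAMPLE = """\
examplelib==2.4       # older than 2.4.1
samplehttp==1.9.3     # fixed for 0003, still older than 1.10.0
otherpkg>=3.0         # not pinned
safepkg==5.0.0
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(finding)
```

Entries that are not pinned to an exact version are returned separately, because an unknown installed version cannot be shown to be patched.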

Configuration

Example

Example configuration:

---
security_tests:
  potential_cve:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.