Information Disclosure: Software Component Leak

Identifier: frontend_software_component_leak

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

When a frontend application exposes details about its JavaScript libraries or dependencies, attackers gain clues about potential vulnerabilities to exploit, which makes outdated or weak components easier to identify.

How we test: We analyze frontend JavaScript bundles and responses to detect if version information or library references are exposed. We check if applications properly obfuscate library references and if version information is included in JavaScript files that could aid attackers.
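
The following is an added example, not the scanner's own code: a Node.js check a team could run on its build output to find library names and version strings before deployment. The two patterns, the function name `findComponentLeaks` and the sample bundle are assumptions made for illustration.

```javascript
// Added example: find library names and versions left in a built bundle.
// Both patterns are illustrative assumptions, not the scanner's rule set.
const SEMVER = String.raw`\d+\.\d+\.\d+(?:-[\w.]+)?`;
const COMMENT = /\/\*[\s\S]*?\*\//g;
const BANNER = new RegExp(String.raw`\b([A-Za-z][\w.-]*)\s+v?(${SEMVER})`, "g");
const VERSION_PROP = new RegExp(
  String.raw`\b(?:version|VERSION)\s*[:=]\s*["'](${SEMVER})["']`, "g");

// 1-based line number of a character offset.
const lineOf = (text, index) => text.slice(0, index).split("\n").length;

function findComponentLeaks(bundle) {
  const leaks = [];
  // 1. License/banner comments that survived minification.
  for (const c of bundle.matchAll(COMMENT)) {
    for (const m of c[0].matchAll(BANNER)) {
      leaks.push({ kind: "banner", library: m[1], version: m[2],
                   line: lineOf(bundle, c.index + m.index) });
    }
  }
  // 2. Version strings assigned to a property in the code itself.
  //    Comments are blanked (newlines kept) so line numbers stay correct.
  const code = bundle.replace(COMMENT, (c) => c.replace(/[^\n]/g, " "));
  for (const m of code.matchAll(VERSION_PROP)) {
    leaks.push({ kind: "version-property", library: null, version: m[1],
                 line: lineOf(code, m.index) });
  }
  return leaks;
}

// Constructed sample bundle (not taken from a real application).
const SAMPLE_BUNDLE = [
  "/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors */",
  "!function(e,t){e.$=t}(window,function(){});",
  'var An={};An.VERSION="4.17.21";',
  "function add(a,b){return a+b}",
].join("\n");

for (const l of findComponentLeaks(SAMPLE_BUNDLE)) {
  console.log(`line ${l.line}: ${l.kind} ${l.library ?? "(unknown)"} ${l.version}`);
}
```

A `version-property` hit can be the application's own version string, so each finding needs a manual look before the build step that emits it is changed.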

Configuration

Example

Example configuration:

---
security_tests:
  frontend_software_component_leak:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.