Information Disclosure: Vulnerable Dependency Detected

Identifier: potential_cve

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

Packages, libraries, and software components with known CVEs can expose applications to security risks ranging from data breaches to full system compromise.

How we test: We analyze all detected technology packages and software components and match them against a vulnerability database for known CVEs at MEDIUM severity or above. When no version information is available, Escape performs a best-effort CPE lookup and reports potential associations at a reduced severity level (medium or low).
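
The matching described above, as an added Python example (not Escape's code). The advisory entries, placeholder CVE IDs, product names and the severity downgrade map are constructed assumptions, and the CPE lookup is simplified to a product-name match on plain dotted numeric versions.

```python
# Added illustration; not Escape's implementation. All data below is constructed.
from dataclasses import dataclass
from typing import Optional

SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
# Assumed downgrade for version-less matches (the page only says "medium or low").
REDUCED = {"CRITICAL": "MEDIUM", "HIGH": "MEDIUM", "MEDIUM": "LOW"}

@dataclass(frozen=True)
class Advisory:
    cve_id: str      # placeholder IDs, not real CVEs
    product: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive)
    severity: str

# Constructed advisory database.
ADVISORIES = [
    Advisory("CVE-0000-0001", "examplelib", "1.0.0", "1.4.2", "HIGH"),
    Advisory("CVE-0000-0002", "examplelib", "1.2.0", "1.3.0", "LOW"),
    Advisory("CVE-0000-0003", "demo-server", "2.0.0", "2.5.0", "CRITICAL"),
]

def parse_version(text: str) -> tuple:
    """Turn '1.4.2' into (1, 4, 2) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))

def at_least_medium(severity: str) -> bool:
    return SEVERITY_ORDER.index(severity) >= SEVERITY_ORDER.index("MEDIUM")

def match_component(product: str, version: Optional[str]) -> list:
    """Return (cve_id, reported_severity, confidence) findings for one component."""
    findings = []
    for adv in ADVISORIES:
        if adv.product != product or not at_least_medium(adv.severity):
            continue
        if version is None:
            # No version detected: product-only association at reduced severity.
            findings.append((adv.cve_id, REDUCED[adv.severity], "potential"))
        elif parse_version(adv.introduced) <= parse_version(version) < parse_version(adv.fixed):
            findings.append((adv.cve_id, adv.severity, "version-match"))
    return findings

if __name__ == "__main__":
    for component in [("examplelib", "1.2.5"), ("examplelib", "1.10.0"), ("demo-server", None)]:
        print(component, match_component(*component))
```

Version 1.10.0 produces no finding because versions are compared numerically; a plain string comparison would wrongly place it below the 1.4.2 fix.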

Configuration

Example

Example configuration:

---
security_tests:
  potential_cve:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.