forked from JoasASantos/NeuroSploit
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathvuln_knowledge_base.json
More file actions
executable file
·1360 lines (1360 loc) · 61.9 KB
/
Copy pathvuln_knowledge_base.json
File metadata and controls
executable file
·1360 lines (1360 loc) · 61.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
{
"version": "2.0",
"source": "VulnerabilityRegistry v2 (100 types) + XBOW benchmark insights",
"vulnerability_types": {
"xss_reflected": {
"title": "Reflected Cross-Site Scripting (XSS)",
"severity": "medium",
"cwe_id": "CWE-79",
"description": "Reflected XSS occurs when user input is immediately returned by a web application in an error message, search result, or any other response that includes some or all of the input provided by the user as part of the request, without that data being made safe to render in the browser.",
"impact": "An attacker can execute arbitrary JavaScript in the victim's browser, potentially stealing session cookies, capturing credentials, or performing actions on behalf of the user.",
"remediation": "1. Encode all user input when rendering in HTML context\n2. Use Content-Security-Policy headers\n3. Set HttpOnly flag on sensitive cookies\n4. Use modern frameworks with auto-escaping",
"has_tester": true,
"false_positive_markers": [
"<",
">",
"&",
"Content-Security-Policy"
]
},
"xss_stored": {
"title": "Stored Cross-Site Scripting (XSS)",
"severity": "high",
"cwe_id": "CWE-79",
"description": "Stored XSS occurs when malicious script is permanently stored on the target server, such as in a database, message forum, visitor log, or comment field.",
"impact": "All users who view the affected page will execute the malicious script, leading to mass credential theft, session hijacking, or malware distribution.",
"remediation": "1. Sanitize and validate all user input before storage\n2. Encode output when rendering\n3. Implement Content-Security-Policy\n4. Use HttpOnly and Secure flags on cookies",
"has_tester": true,
"false_positive_markers": [
"<",
">",
"sanitized"
]
},
"xss_dom": {
"title": "DOM-based Cross-Site Scripting",
"severity": "medium",
"cwe_id": "CWE-79",
"description": "DOM-based XSS occurs when client-side JavaScript processes user input and writes it to the DOM in an unsafe way.",
"impact": "Attacker can execute JavaScript in the user's browser through malicious links or user interaction.",
"remediation": "1. Avoid using dangerous DOM sinks (innerHTML, eval, document.write)\n2. Use textContent instead of innerHTML\n3. Sanitize user input on the client side\n4. Implement CSP with strict policies",
"has_tester": true,
"false_positive_markers": []
},
"sqli_error": {
"title": "Error-based SQL Injection",
"severity": "critical",
"cwe_id": "CWE-89",
"description": "SQL injection vulnerability that reveals database errors containing query information, allowing attackers to extract data through error messages.",
"impact": "Complete database compromise including data theft, modification, or deletion. May lead to remote code execution on the database server.",
"remediation": "1. Use parameterized queries/prepared statements\n2. Implement input validation with whitelist approach\n3. Apply least privilege principle for database accounts\n4. Disable detailed error messages in production",
"has_tester": true,
"false_positive_markers": [
"parameterized",
"prepared statement",
"PDO"
]
},
"sqli_union": {
"title": "Union-based SQL Injection",
"severity": "critical",
"cwe_id": "CWE-89",
"description": "SQL injection allowing UNION-based queries to extract data from other database tables.",
"impact": "Full database extraction capability. Attacker can read all database tables, users, and potentially escalate to RCE.",
"remediation": "1. Use parameterized queries exclusively\n2. Implement strict input validation\n3. Use stored procedures where appropriate\n4. Monitor for unusual query patterns",
"has_tester": true,
"false_positive_markers": []
},
"sqli_blind": {
"title": "Blind SQL Injection (Boolean-based)",
"severity": "high",
"cwe_id": "CWE-89",
"description": "SQL injection where results are inferred from application behavior changes rather than direct output.",
"impact": "Slower but complete data extraction is possible. Can lead to full database compromise.",
"remediation": "1. Use parameterized queries\n2. Implement WAF rules for SQL injection patterns\n3. Use connection pooling with timeout limits\n4. Implement query logging and monitoring",
"has_tester": true,
"false_positive_markers": []
},
"sqli_time": {
"title": "Time-based Blind SQL Injection",
"severity": "high",
"cwe_id": "CWE-89",
"description": "SQL injection where attacker can infer information based on time delays in responses.",
"impact": "Complete data extraction possible, though slower. Can determine database structure and content.",
"remediation": "1. Use parameterized queries\n2. Set strict query timeout limits\n3. Monitor for anomalously slow queries\n4. Implement rate limiting",
"has_tester": true,
"false_positive_markers": []
},
"command_injection": {
"title": "OS Command Injection",
"severity": "critical",
"cwe_id": "CWE-78",
"description": "Application passes unsafe user-supplied data to a system shell, allowing execution of arbitrary OS commands.",
"impact": "Complete system compromise. Attacker can execute any command with the application's privileges, potentially gaining full server access.",
"remediation": "1. Avoid shell commands; use native library functions\n2. If shell required, use strict whitelist validation\n3. Never pass user input directly to shell\n4. Run with minimal privileges, use containers",
"has_tester": true,
"false_positive_markers": [
"escapeshellarg",
"escapeshellcmd"
]
},
"ssti": {
"title": "Server-Side Template Injection",
"severity": "critical",
"cwe_id": "CWE-94",
"description": "User input is unsafely embedded into server-side templates, allowing template code execution.",
"impact": "Often leads to remote code execution. Attacker can read files, execute commands, and compromise the server.",
"remediation": "1. Never pass user input to template engines\n2. Use logic-less templates when possible\n3. Implement sandbox environments for templates\n4. Validate and sanitize all template inputs",
"has_tester": true,
"false_positive_markers": [
"autoescape",
"sandbox"
]
},
"nosql_injection": {
"title": "NoSQL Injection",
"severity": "high",
"cwe_id": "CWE-943",
"description": "Injection attack targeting NoSQL databases like MongoDB through operator injection.",
"impact": "Authentication bypass, data theft, and potential server compromise depending on database configuration.",
"remediation": "1. Validate and sanitize all user input\n2. Use parameterized queries where available\n3. Disable server-side JavaScript execution\n4. Apply strict typing to query parameters",
"has_tester": true,
"false_positive_markers": []
},
"lfi": {
"title": "Local File Inclusion",
"severity": "high",
"cwe_id": "CWE-98",
"description": "Application includes local files based on user input, allowing access to sensitive files.",
"impact": "Read sensitive configuration files, source code, and potentially achieve code execution via log poisoning.",
"remediation": "1. Avoid dynamic file inclusion\n2. Use whitelist of allowed files\n3. Validate and sanitize file paths\n4. Implement proper access controls",
"has_tester": true,
"false_positive_markers": [
"open_basedir",
"chroot",
"permission denied"
]
},
"rfi": {
"title": "Remote File Inclusion",
"severity": "critical",
"cwe_id": "CWE-98",
"description": "Application includes remote files, allowing execution of attacker-controlled code.",
"impact": "Direct remote code execution. Complete server compromise.",
"remediation": "1. Disable allow_url_include in PHP\n2. Use whitelists for file inclusion\n3. Never use user input in include paths\n4. Implement strict input validation",
"has_tester": true,
"false_positive_markers": []
},
"path_traversal": {
"title": "Path Traversal",
"severity": "high",
"cwe_id": "CWE-22",
"description": "Application allows navigation outside intended directory through ../ sequences.",
"impact": "Access to sensitive files outside web root, including configuration files and source code.",
"remediation": "1. Validate and sanitize file paths\n2. Use basename() to strip directory components\n3. Implement chroot or containerization\n4. Use whitelist of allowed directories",
"has_tester": true,
"false_positive_markers": []
},
"xxe": {
"title": "XML External Entity Injection",
"severity": "high",
"cwe_id": "CWE-611",
"description": "XML parser processes external entity references, allowing file access or SSRF.",
"impact": "Read local files, perform SSRF attacks, and potentially achieve denial of service.",
"remediation": "1. Disable external entity processing\n2. Use JSON instead of XML where possible\n3. Validate and sanitize XML input\n4. Use updated XML parsers with secure defaults",
"has_tester": true,
"false_positive_markers": [
"disableExternalEntities",
"FEATURE_EXTERNAL"
]
},
"file_upload": {
"title": "Arbitrary File Upload",
"severity": "high",
"cwe_id": "CWE-434",
"description": "Application allows uploading of dangerous file types that can be executed.",
"impact": "Upload of web shells leading to remote code execution and complete server compromise.",
"remediation": "1. Validate file type using magic bytes\n2. Rename uploaded files\n3. Store outside web root\n4. Disable execution in upload directory",
"has_tester": true,
"false_positive_markers": []
},
"ssrf": {
"title": "Server-Side Request Forgery",
"severity": "high",
"cwe_id": "CWE-918",
"description": "Application makes requests to attacker-specified URLs, accessing internal resources.",
"impact": "Access to internal services, cloud metadata, and potential for pivoting to internal networks.",
"remediation": "1. Implement URL whitelist\n2. Block requests to internal IPs\n3. Disable unnecessary URL schemes\n4. Use network segmentation",
"has_tester": true,
"false_positive_markers": [
"blocked",
"denied",
"filtered"
]
},
"ssrf_cloud": {
"title": "SSRF to Cloud Metadata",
"severity": "critical",
"cwe_id": "CWE-918",
"description": "SSRF vulnerability allowing access to cloud provider metadata services.",
"impact": "Credential theft, full cloud account compromise, lateral movement in cloud infrastructure.",
"remediation": "1. Block requests to metadata IPs\n2. Use IMDSv2 (AWS) or equivalent\n3. Implement strict URL validation\n4. Use firewall rules for metadata endpoints",
"has_tester": true,
"false_positive_markers": []
},
"csrf": {
"title": "Cross-Site Request Forgery",
"severity": "medium",
"cwe_id": "CWE-352",
"description": "Application allows state-changing requests without proper origin validation.",
"impact": "Attacker can perform actions as authenticated users, including transfers, password changes, or data modification.",
"remediation": "1. Implement anti-CSRF tokens\n2. Verify Origin/Referer headers\n3. Use SameSite cookie attribute\n4. Require re-authentication for sensitive actions",
"has_tester": true,
"false_positive_markers": [
"csrf_token",
"_token",
"authenticity_token"
]
},
"auth_bypass": {
"title": "Authentication Bypass",
"severity": "critical",
"cwe_id": "CWE-287",
"description": "Authentication mechanisms can be bypassed through various techniques.",
"impact": "Complete unauthorized access to user accounts and protected resources.",
"remediation": "1. Implement proper authentication checks on all routes\n2. Use proven authentication frameworks\n3. Implement account lockout\n4. Use MFA for sensitive accounts",
"has_tester": true,
"false_positive_markers": []
},
"jwt_manipulation": {
"title": "JWT Token Manipulation",
"severity": "high",
"cwe_id": "CWE-347",
"description": "JWT implementation vulnerabilities allowing token forgery or manipulation.",
"impact": "Authentication bypass, privilege escalation, and identity impersonation.",
"remediation": "1. Always verify JWT signatures\n2. Use strong signing algorithms (RS256)\n3. Validate all claims including exp and iss\n4. Implement token refresh mechanisms",
"has_tester": true,
"false_positive_markers": []
},
"session_fixation": {
"title": "Session Fixation",
"severity": "medium",
"cwe_id": "CWE-384",
"description": "Application accepts session tokens from URL parameters or doesn't regenerate after login.",
"impact": "Attacker can hijack user sessions by fixing known session IDs.",
"remediation": "1. Regenerate session ID after login\n2. Only accept session from cookies\n3. Implement secure session management\n4. Use short session timeouts",
"has_tester": true,
"false_positive_markers": []
},
"idor": {
"title": "Insecure Direct Object Reference",
"severity": "high",
"cwe_id": "CWE-639",
"description": "Application exposes internal object IDs without proper authorization checks.",
"impact": "Unauthorized access to other users' data, potentially exposing sensitive information.",
"remediation": "1. Implement proper authorization checks\n2. Use indirect references or UUIDs\n3. Validate user ownership of resources\n4. Implement access control lists",
"has_tester": true,
"false_positive_markers": []
},
"bola": {
"title": "Broken Object Level Authorization",
"severity": "high",
"cwe_id": "CWE-639",
"description": "API endpoints don't properly validate object-level permissions.",
"impact": "Access to any object by manipulating IDs, leading to mass data exposure.",
"remediation": "1. Implement object-level authorization\n2. Validate permissions on every request\n3. Use authorization middleware\n4. Log and monitor access patterns",
"has_tester": true,
"false_positive_markers": []
},
"privilege_escalation": {
"title": "Privilege Escalation",
"severity": "critical",
"cwe_id": "CWE-269",
"description": "User can elevate privileges to access higher-level functionality.",
"impact": "User can gain admin access, access to all data, and full system control.",
"remediation": "1. Implement role-based access control\n2. Validate roles on every request\n3. Use principle of least privilege\n4. Monitor for privilege escalation attempts",
"has_tester": true,
"false_positive_markers": []
},
"cors_misconfig": {
"title": "CORS Misconfiguration",
"severity": "medium",
"cwe_id": "CWE-942",
"description": "Overly permissive CORS policy allows cross-origin requests from untrusted domains.",
"impact": "Cross-origin data theft and unauthorized API access from malicious websites.",
"remediation": "1. Implement strict origin whitelist\n2. Avoid Access-Control-Allow-Origin: *\n3. Validate Origin header server-side\n4. Don't reflect Origin without validation",
"has_tester": true,
"false_positive_markers": [
"Vary: Origin"
]
},
"clickjacking": {
"title": "Clickjacking",
"severity": "medium",
"cwe_id": "CWE-1021",
"description": "Application can be framed by malicious pages, tricking users into clicking hidden elements.",
"impact": "Users can be tricked into performing unintended actions like transfers or permission grants.",
"remediation": "1. Set X-Frame-Options: DENY\n2. Implement frame-ancestors CSP directive\n3. Use JavaScript frame-busting as backup\n4. Require confirmation for sensitive actions",
"has_tester": true,
"false_positive_markers": []
},
"open_redirect": {
"title": "Open Redirect",
"severity": "low",
"cwe_id": "CWE-601",
"description": "Application redirects to user-specified URLs without validation.",
"impact": "Phishing attacks using trusted domain, credential theft, and reputation damage.",
"remediation": "1. Use whitelist for redirect destinations\n2. Validate redirect URLs server-side\n3. Don't use user input directly in redirects\n4. Warn users before redirecting externally",
"has_tester": true,
"false_positive_markers": []
},
"security_headers": {
"title": "Missing Security Headers",
"severity": "low",
"cwe_id": "CWE-693",
"description": "Application doesn't set important security headers like CSP, HSTS, X-Frame-Options.",
"impact": "Increased risk of XSS, clickjacking, and MITM attacks.",
"remediation": "1. Implement Content-Security-Policy\n2. Enable Strict-Transport-Security\n3. Set X-Frame-Options and X-Content-Type-Options\n4. Configure Referrer-Policy",
"has_tester": true,
"false_positive_markers": []
},
"ssl_issues": {
"title": "SSL/TLS Configuration Issues",
"severity": "medium",
"cwe_id": "CWE-326",
"description": "Weak SSL/TLS configuration including outdated protocols or weak ciphers.",
"impact": "Traffic interception, credential theft, and man-in-the-middle attacks.",
"remediation": "1. Disable SSLv3, TLS 1.0, TLS 1.1\n2. Use strong cipher suites only\n3. Enable HSTS with preload\n4. Implement certificate pinning for mobile apps",
"has_tester": true,
"false_positive_markers": []
},
"http_methods": {
"title": "Dangerous HTTP Methods Enabled",
"severity": "low",
"cwe_id": "CWE-749",
"description": "Server allows potentially dangerous HTTP methods like TRACE, PUT, DELETE without proper restrictions.",
"impact": "Potential for XST attacks, unauthorized file uploads, or resource manipulation.",
"remediation": "1. Disable unnecessary HTTP methods\n2. Configure web server to reject TRACE/TRACK\n3. Implement proper authorization for PUT/DELETE\n4. Use web application firewall",
"has_tester": true,
"false_positive_markers": []
},
"race_condition": {
"title": "Race Condition",
"severity": "medium",
"cwe_id": "CWE-362",
"description": "Application has race conditions that can be exploited through concurrent requests.",
"impact": "Double-spending, bypassing limits, or corrupting data through timing attacks.",
"remediation": "1. Implement proper locking mechanisms\n2. Use atomic database operations\n3. Implement idempotency keys\n4. Add proper synchronization",
"has_tester": false,
"false_positive_markers": []
},
"business_logic": {
"title": "Business Logic Vulnerability",
"severity": "varies",
"cwe_id": "CWE-840",
"description": "Flaw in application's business logic allowing unintended behavior.",
"impact": "Varies based on specific flaw - could range from minor to critical impact.",
"remediation": "1. Review business logic flows\n2. Implement comprehensive validation\n3. Add server-side checks for all rules\n4. Test edge cases and negative scenarios",
"has_tester": false,
"false_positive_markers": []
},
"ldap_injection": {
"title": "LDAP Injection",
"severity": "high",
"cwe_id": "CWE-90",
"description": "User input injected into LDAP queries allowing directory enumeration or auth bypass.",
"impact": "Directory enumeration, authentication bypass, data extraction from LDAP stores.",
"remediation": "1. Escape LDAP special characters\n2. Use parameterized LDAP queries\n3. Validate input against whitelist\n4. Apply least privilege to LDAP accounts",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"xpath_injection": {
"title": "XPath Injection",
"severity": "high",
"cwe_id": "CWE-643",
"description": "User input injected into XPath queries manipulating XML data retrieval.",
"impact": "Extraction of XML data, authentication bypass via XPath condition manipulation.",
"remediation": "1. Use parameterized XPath queries\n2. Validate and sanitize input\n3. Avoid string concatenation in XPath\n4. Limit XPath query privileges",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"graphql_injection": {
"title": "GraphQL Injection",
"severity": "high",
"cwe_id": "CWE-89",
"description": "Injection attacks targeting GraphQL endpoints through malicious queries or variables.",
"impact": "Schema exposure, unauthorized data access, denial of service via complex queries.",
"remediation": "1. Disable introspection in production\n2. Implement query depth/complexity limits\n3. Use persisted queries\n4. Apply field-level authorization",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"crlf_injection": {
"title": "CRLF Injection / HTTP Response Splitting",
"severity": "medium",
"cwe_id": "CWE-93",
"description": "Injection of CRLF characters to manipulate HTTP response headers or split responses.",
"impact": "HTTP header injection, session fixation via Set-Cookie, XSS via response splitting.",
"remediation": "1. Strip \\r\\n from user input in headers\n2. Use framework header-setting functions\n3. Validate header values\n4. Implement WAF rules for CRLF patterns",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"header_injection": {
"title": "HTTP Header Injection",
"severity": "medium",
"cwe_id": "CWE-113",
"description": "User input reflected in HTTP headers enabling header manipulation.",
"impact": "Password reset poisoning, cache poisoning, access control bypass via header manipulation.",
"remediation": "1. Validate Host header against whitelist\n2. Don't use Host header for URL generation\n3. Strip CRLF from header values\n4. Use absolute URLs for sensitive operations",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"email_injection": {
"title": "Email Header Injection",
"severity": "medium",
"cwe_id": "CWE-93",
"description": "Injection of email headers through form fields that feed into mail functions.",
"impact": "Spam relay, phishing via injected CC/BCC recipients, email content manipulation.",
"remediation": "1. Validate email addresses strictly\n2. Strip CRLF from email inputs\n3. Use email library APIs not raw headers\n4. Implement rate limiting on email features",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"expression_language_injection": {
"title": "Expression Language Injection",
"severity": "critical",
"cwe_id": "CWE-917",
"description": "Injection of EL/SpEL/OGNL expressions evaluated server-side in Java applications.",
"impact": "Remote code execution, server compromise, data exfiltration via expression evaluation.",
"remediation": "1. Disable EL evaluation on user input\n2. Use strict sandboxing\n3. Update frameworks (Struts2 OGNL patches)\n4. Validate input before template rendering",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"log_injection": {
"title": "Log Injection / Log4Shell",
"severity": "high",
"cwe_id": "CWE-117",
"description": "Injection into application logs enabling log forging or JNDI-based RCE (Log4Shell).",
"impact": "Log tampering, JNDI-based RCE (Log4Shell), log analysis tool exploitation.",
"remediation": "1. Strip newlines from log input\n2. Update Log4j to 2.17+ (CVE-2021-44228)\n3. Disable JNDI lookups\n4. Use structured logging",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"html_injection": {
"title": "HTML Injection",
"severity": "medium",
"cwe_id": "CWE-79",
"description": "Injection of HTML markup into web pages without script execution.",
"impact": "Content spoofing, phishing form injection, defacement, link manipulation.",
"remediation": "1. HTML-encode all user output\n2. Use Content-Security-Policy\n3. Implement output encoding libraries\n4. Sanitize HTML with whitelist approach",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"csv_injection": {
"title": "CSV/Formula Injection",
"severity": "medium",
"cwe_id": "CWE-1236",
"description": "Injection of spreadsheet formulas into data exported as CSV/Excel.",
"impact": "Code execution when CSV opened in Excel, DDE attacks, data exfiltration via formulas.",
"remediation": "1. Prefix cells starting with =,+,-,@ with single quote\n2. Sanitize formula characters\n3. Use safe CSV export libraries\n4. Warn users about untrusted CSV files",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"orm_injection": {
"title": "ORM Injection",
"severity": "high",
"cwe_id": "CWE-89",
"description": "Injection through ORM query builders via operator injection or raw query manipulation.",
"impact": "Data extraction, authentication bypass through ORM filter manipulation.",
"remediation": "1. Use ORM built-in parameter binding\n2. Avoid raw queries with user input\n3. Validate filter operators\n4. Use field-level whitelists",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"blind_xss": {
"title": "Blind Cross-Site Scripting",
"severity": "high",
"cwe_id": "CWE-79",
"description": "XSS payload stored and executed in backend/admin context not visible to the attacker.",
"impact": "Admin session hijacking, backend system compromise, persistent access to admin panels.",
"remediation": "1. Sanitize all input regardless of display context\n2. Implement CSP on admin panels\n3. Use HttpOnly cookies\n4. Review admin panel input rendering",
"has_tester": true,
"false_positive_markers": [
"<",
">",
"Content-Security-Policy"
]
},
"mutation_xss": {
"title": "Mutation XSS (mXSS)",
"severity": "high",
"cwe_id": "CWE-79",
"description": "XSS via browser HTML mutation where sanitized HTML changes to executable form after DOM processing.",
"impact": "Bypasses HTML sanitizers, executes JavaScript through browser parsing quirks.",
"remediation": "1. Update DOMPurify/sanitizers\n2. Use textContent not innerHTML\n3. Avoid innerHTML re-serialization\n4. Test with multiple browsers",
"has_tester": true,
"false_positive_markers": [
"<",
">",
"Content-Security-Policy"
]
},
"arbitrary_file_read": {
"title": "Arbitrary File Read",
"severity": "high",
"cwe_id": "CWE-22",
"description": "Reading arbitrary files via API or download endpoints outside intended scope.",
"impact": "Access to credentials, configuration, source code, private keys.",
"remediation": "1. Validate file paths against whitelist\n2. Use chroot/jail\n3. Implement proper access controls\n4. Avoid user input in file paths",
"has_tester": true,
"false_positive_markers": [
"403",
"Forbidden",
"Access Denied"
]
},
"arbitrary_file_delete": {
"title": "Arbitrary File Delete",
"severity": "high",
"cwe_id": "CWE-22",
"description": "Deleting arbitrary files through path traversal in delete operations.",
"impact": "Denial of service, security bypass by deleting .htaccess/config, data destruction.",
"remediation": "1. Validate file paths strictly\n2. Use indirect references\n3. Implement soft-delete\n4. Restrict delete operations to specific directories",
"has_tester": true,
"false_positive_markers": [
"403",
"Forbidden",
"Access Denied"
]
},
"zip_slip": {
"title": "Zip Slip (Archive Path Traversal)",
"severity": "high",
"cwe_id": "CWE-22",
"description": "Path traversal via crafted archive filenames writing files outside extraction directory.",
"impact": "Arbitrary file write, web shell deployment, configuration overwrite.",
"remediation": "1. Validate archive entry names\n2. Resolve and check extraction paths\n3. Use secure archive extraction libraries\n4. Extract to isolated directories",
"has_tester": true,
"false_positive_markers": []
},
"weak_password": {
"title": "Weak Password Policy",
"severity": "medium",
"cwe_id": "CWE-521",
"description": "Application accepts weak passwords that can be easily guessed or brute-forced.",
"impact": "Account compromise through password guessing, credential stuffing success.",
"remediation": "1. Enforce minimum 8+ character passwords\n2. Check against breached password databases\n3. Implement password strength meter\n4. Follow NIST SP 800-63B guidelines",
"has_tester": true,
"false_positive_markers": []
},
"default_credentials": {
"title": "Default Credentials",
"severity": "critical",
"cwe_id": "CWE-798",
"description": "Application or service uses default factory credentials that haven't been changed.",
"impact": "Complete unauthorized access to admin or management interfaces.",
"remediation": "1. Force password change on first login\n2. Remove default accounts\n3. Implement strong default password generation\n4. Regular credential audits",
"has_tester": true,
"false_positive_markers": []
},
"brute_force": {
"title": "Brute Force Vulnerability",
"severity": "medium",
"cwe_id": "CWE-307",
"description": "Login endpoint lacks rate limiting or account lockout allowing unlimited password attempts.",
"impact": "Account compromise through automated password guessing.",
"remediation": "1. Implement account lockout after N failures\n2. Add rate limiting per IP and per account\n3. Implement CAPTCHA after failures\n4. Use progressive delays",
"has_tester": true,
"false_positive_markers": []
},
"two_factor_bypass": {
"title": "Two-Factor Authentication Bypass",
"severity": "high",
"cwe_id": "CWE-287",
"description": "Second authentication factor can be bypassed through implementation flaws.",
"impact": "Account takeover even when 2FA is enabled, defeating the purpose of MFA.",
"remediation": "1. Enforce 2FA check on all authenticated routes\n2. Use server-side session state for 2FA completion\n3. Rate limit code attempts\n4. Make codes single-use with short expiry",
"has_tester": true,
"false_positive_markers": []
},
"oauth_misconfiguration": {
"title": "OAuth Misconfiguration",
"severity": "high",
"cwe_id": "CWE-601",
"description": "OAuth implementation flaws allowing redirect URI manipulation, state bypass, or token theft.",
"impact": "Account takeover via stolen OAuth tokens, cross-site request forgery.",
"remediation": "1. Strictly validate redirect_uri\n2. Require and validate state parameter\n3. Use PKCE for public clients\n4. Validate all OAuth scopes",
"has_tester": true,
"false_positive_markers": [
"401",
"login required"
]
},
"bfla": {
"title": "Broken Function Level Authorization",
"severity": "high",
"cwe_id": "CWE-285",
"description": "Admin API functions accessible to regular users without proper role checks.",
"impact": "Privilege escalation to admin functionality, system configuration changes.",
"remediation": "1. Implement role-based access control on all endpoints\n2. Deny by default\n3. Centralize authorization logic\n4. Audit all admin endpoints",
"has_tester": true,
"false_positive_markers": []
},
"mass_assignment": {
"title": "Mass Assignment",
"severity": "high",
"cwe_id": "CWE-915",
"description": "Application binds user-supplied data to internal model fields without filtering.",
"impact": "Privilege escalation, data manipulation, bypassing business rules.",
"remediation": "1. Use explicit field whitelists\n2. Implement DTOs for input\n3. Validate all bound fields\n4. Use strong parameter filtering",
"has_tester": true,
"false_positive_markers": []
},
"forced_browsing": {
"title": "Forced Browsing / Broken Access Control",
"severity": "medium",
"cwe_id": "CWE-425",
"description": "Direct URL access to restricted resources that should require authorization.",
"impact": "Access to admin panels, sensitive files, debug interfaces, and internal tools.",
"remediation": "1. Implement authentication on all protected routes\n2. Return 404 instead of 403 for sensitive paths\n3. Remove unnecessary files\n4. Use web server access controls",
"has_tester": true,
"false_positive_markers": []
},
"dom_clobbering": {
"title": "DOM Clobbering",
"severity": "medium",
"cwe_id": "CWE-79",
"description": "HTML injection that overrides JavaScript DOM properties through named elements.",
"impact": "JavaScript logic bypass, potential XSS through clobbered variables.",
"remediation": "1. Use strict variable declarations (const/let)\n2. Avoid global variable references\n3. Use safe DOM APIs\n4. Sanitize HTML input",
"has_tester": true,
"false_positive_markers": []
},
"postmessage_vulnerability": {
"title": "postMessage Vulnerability",
"severity": "medium",
"cwe_id": "CWE-346",
"description": "postMessage handlers that don't validate message origin allowing cross-origin data injection.",
"impact": "Cross-origin data injection, XSS via injected data, sensitive data exfiltration.",
"remediation": "1. Always validate event.origin\n2. Validate message data structure\n3. Use specific target origins\n4. Minimize data sent via postMessage",
"has_tester": true,
"false_positive_markers": []
},
"websocket_hijacking": {
"title": "Cross-Site WebSocket Hijacking",
"severity": "high",
"cwe_id": "CWE-1385",
"description": "WebSocket endpoints accepting connections from arbitrary origins without validation.",
"impact": "Real-time data theft, message injection, session hijacking via WebSocket.",
"remediation": "1. Validate Origin header on WebSocket upgrade\n2. Require authentication per-message\n3. Implement CSRF protection for handshake\n4. Use WSS (encrypted)",
"has_tester": true,
"false_positive_markers": []
},
"prototype_pollution": {
"title": "Prototype Pollution",
"severity": "high",
"cwe_id": "CWE-1321",
"description": "Injection of properties into JavaScript Object.prototype through merge/extend operations.",
"impact": "Authentication bypass, RCE via gadget chains, denial of service.",
"remediation": "1. Freeze Object.prototype\n2. Sanitize __proto__ and constructor keys\n3. Use Map instead of plain objects\n4. Update vulnerable libraries",
"has_tester": true,
"false_positive_markers": []
},
"css_injection": {
"title": "CSS Injection",
"severity": "medium",
"cwe_id": "CWE-79",
"description": "Injection of CSS code through user input reflected in style contexts.",
"impact": "Data exfiltration via CSS selectors, UI manipulation, phishing.",
"remediation": "1. Sanitize CSS properties\n2. Use CSP style-src\n3. Avoid user input in style attributes\n4. Whitelist safe CSS properties",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"tabnabbing": {
"title": "Reverse Tabnabbing",
"severity": "low",
"cwe_id": "CWE-1022",
"description": "Links with target=_blank without rel=noopener allowing opener tab navigation.",
"impact": "Phishing via original tab replacement with fake login page.",
"remediation": "1. Add rel='noopener noreferrer' to target=_blank links\n2. Use frameworks that add it automatically\n3. Audit user-generated links",
"has_tester": true,
"false_positive_markers": []
},
"directory_listing": {
"title": "Directory Listing Enabled",
"severity": "low",
"cwe_id": "CWE-548",
"description": "Web server auto-indexing enabled exposing directory file structure.",
"impact": "Exposure of file structure, sensitive files, backup files, and configuration.",
"remediation": "1. Disable directory listing (Options -Indexes)\n2. Add index files to all directories\n3. Review web server configuration\n4. Use custom error pages",
"has_tester": true,
"false_positive_markers": []
},
"debug_mode": {
"title": "Debug Mode Enabled",
"severity": "high",
"cwe_id": "CWE-489",
"description": "Application running in debug/development mode in production.",
"impact": "Source code exposure, interactive console access, credential disclosure.",
"remediation": "1. Disable debug mode in production\n2. Use environment-specific configuration\n3. Implement custom error pages\n4. Remove debug endpoints",
"has_tester": true,
"false_positive_markers": []
},
"exposed_admin_panel": {
"title": "Exposed Administration Panel",
"severity": "medium",
"cwe_id": "CWE-200",
"description": "Admin panel accessible from public internet without IP restrictions.",
"impact": "Brute force target, credential theft, administration access if default creds.",
"remediation": "1. Restrict admin access by IP/VPN\n2. Use strong authentication + 2FA\n3. Change default admin paths\n4. Implement rate limiting",
"has_tester": true,
"false_positive_markers": []
},
"exposed_api_docs": {
"title": "Exposed API Documentation",
"severity": "low",
"cwe_id": "CWE-200",
"description": "API documentation (Swagger/OpenAPI/GraphQL playground) publicly accessible.",
"impact": "Complete API endpoint mapping, parameter discovery, potential unauthorized access.",
"remediation": "1. Disable API docs in production\n2. Require authentication for docs\n3. Disable GraphQL introspection\n4. Use API gateway access controls",
"has_tester": true,
"false_positive_markers": []
},
"insecure_cookie_flags": {
"title": "Insecure Cookie Configuration",
"severity": "medium",
"cwe_id": "CWE-614",
"description": "Session cookies missing security flags (Secure, HttpOnly, SameSite).",
"impact": "Cookie theft via XSS (no HttpOnly), MITM (no Secure), CSRF (no SameSite).",
"remediation": "1. Set HttpOnly on session cookies\n2. Set Secure flag on HTTPS sites\n3. Set SameSite=Lax or Strict\n4. Review all cookie configurations",
"has_tester": true,
"false_positive_markers": []
},
"http_smuggling": {
"title": "HTTP Request Smuggling",
"severity": "high",
"cwe_id": "CWE-444",
"description": "Discrepancy between front-end and back-end HTTP parsing enabling request smuggling.",
"impact": "Cache poisoning, request hijacking, authentication bypass, response queue poisoning.",
"remediation": "1. Use HTTP/2 end-to-end\n2. Normalize Content-Length/Transfer-Encoding\n3. Reject ambiguous requests\n4. Update proxy/server software",
"has_tester": true,
"false_positive_markers": []
},
"cache_poisoning": {
"title": "Web Cache Poisoning",
"severity": "high",
"cwe_id": "CWE-444",
"description": "Manipulation of cached responses via unkeyed inputs to serve malicious content.",
"impact": "Mass XSS via cached responses, redirect poisoning, denial of service.",
"remediation": "1. Include all inputs in cache key\n2. Validate unkeyed headers\n3. Use Vary header correctly\n4. Implement cache key normalization",
"has_tester": true,
"false_positive_markers": []
},
"rate_limit_bypass": {
"title": "Rate Limit Bypass",
"severity": "medium",
"cwe_id": "CWE-770",
"description": "Rate limiting can be bypassed through header manipulation or request variation.",
"impact": "Enables brute force attacks, API abuse, and denial of service.",
"remediation": "1. Rate limit by authenticated user, not just IP\n2. Don't trust X-Forwarded-For for rate limiting\n3. Implement at multiple layers\n4. Use sliding window algorithms",
"has_tester": true,
"false_positive_markers": []
},
"parameter_pollution": {
"title": "HTTP Parameter Pollution",
"severity": "medium",
"cwe_id": "CWE-235",
"description": "Duplicate parameters exploit parsing differences between front-end and back-end.",
"impact": "WAF bypass, logic bypass, access control circumvention.",
"remediation": "1. Normalize parameters server-side\n2. Reject duplicate parameters\n3. Use consistent parsing\n4. Test with duplicate params",
"has_tester": true,
"false_positive_markers": []
},
"type_juggling": {
"title": "Type Juggling / Type Coercion",
"severity": "high",
"cwe_id": "CWE-843",
"description": "Loose type comparison exploited to bypass authentication or security checks.",
"impact": "Authentication bypass, security check circumvention via type confusion.",
"remediation": "1. Use strict comparison (=== in PHP/JS)\n2. Validate input types\n3. Use strong typing\n4. Hash comparison with timing-safe functions",
"has_tester": true,
"false_positive_markers": []
},
"insecure_deserialization": {
"title": "Insecure Deserialization",
"severity": "critical",
"cwe_id": "CWE-502",
"description": "Untrusted data deserialized without validation enabling code execution.",
"impact": "Remote code execution, denial of service, authentication bypass.",
"remediation": "1. Don't deserialize untrusted data\n2. Use JSON instead of native serialization\n3. Implement integrity checks\n4. Restrict deserialization types",
"has_tester": true,
"false_positive_markers": []
},
"subdomain_takeover": {
"title": "Subdomain Takeover",
"severity": "high",
"cwe_id": "CWE-284",
"description": "Dangling DNS records pointing to unclaimed cloud resources.",
"impact": "Domain impersonation, phishing, cookie theft, authentication bypass.",
"remediation": "1. Audit DNS records regularly\n2. Remove dangling CNAME records\n3. Monitor cloud resource lifecycle\n4. Use DNS monitoring tools",
"has_tester": true,
"false_positive_markers": []
},
"host_header_injection": {
"title": "Host Header Injection",
"severity": "medium",
"cwe_id": "CWE-644",
"description": "Host header value used in URL generation enabling poisoning attacks.",
"impact": "Password reset poisoning, cache poisoning, SSRF via Host header.",
"remediation": "1. Validate Host against allowed values\n2. Use absolute URLs from configuration\n3. Don't use Host header for URL generation\n4. Implement ALLOWED_HOSTS",
"has_tester": true,
"false_positive_markers": [
"sanitized",
"escaped",
"encoded"
]
},
"timing_attack": {
"title": "Timing Attack",
"severity": "medium",
"cwe_id": "CWE-208",
"description": "Response time variations leak information about valid usernames or secret values.",
"impact": "Username enumeration, token/password character extraction.",
"remediation": "1. Use constant-time comparison for secrets\n2. Normalize response times\n3. Add random delays\n4. Use same code path for valid/invalid input",
"has_tester": true,
"false_positive_markers": []
},
"improper_error_handling": {
"title": "Improper Error Handling",
"severity": "low",
"cwe_id": "CWE-209",
"description": "Verbose error messages disclosing internal information in production.",
"impact": "Source path disclosure, database details, technology stack exposure aiding further attacks.",
"remediation": "1. Use custom error pages in production\n2. Log errors server-side only\n3. Return generic error messages\n4. Disable debug/stack trace output",
"has_tester": true,
"false_positive_markers": []
},
"sensitive_data_exposure": {
"title": "Sensitive Data Exposure",
"severity": "high",
"cwe_id": "CWE-200",
"description": "Sensitive data (PII, credentials, tokens) exposed in responses, URLs, or storage.",
"impact": "Identity theft, account compromise, regulatory violations (GDPR, HIPAA).",
"remediation": "1. Minimize data in API responses\n2. Encrypt sensitive data at rest/transit\n3. Remove sensitive data from URLs\n4. Implement data classification",
"has_tester": true,
"false_positive_markers": []
},
"information_disclosure": {
"title": "Information Disclosure",
"severity": "low",
"cwe_id": "CWE-200",
"description": "Unintended exposure of internal details: versions, paths, technology stack.",
"impact": "Aids further attacks with technology-specific exploits and internal knowledge.",
"remediation": "1. Remove version headers\n2. Disable directory listing\n3. Remove HTML comments\n4. Secure .git and config files",
"has_tester": true,
"false_positive_markers": []
},
"api_key_exposure": {
"title": "API Key Exposure",
"severity": "high",
"cwe_id": "CWE-798",
"description": "API keys or secrets hardcoded in client-side code or public files.",
"impact": "Unauthorized API access, financial impact, data breach via exposed keys.",
"remediation": "1. Use environment variables for secrets\n2. Implement key rotation\n3. Use backend proxy for API calls\n4. Monitor key usage for anomalies",
"has_tester": true,
"false_positive_markers": []
},
"source_code_disclosure": {
"title": "Source Code Disclosure",
"severity": "high",
"cwe_id": "CWE-540",
"description": "Application source code accessible through misconfigured servers, backups, or VCS exposure.",
"impact": "White-box attack surface, credential discovery, vulnerability identification.",
"remediation": "1. Block .git, .svn access\n2. Remove source maps in production\n3. Delete backup files\n4. Configure web server to block sensitive extensions",
"has_tester": true,
"false_positive_markers": []
},
"backup_file_exposure": {
"title": "Backup File Exposure",
"severity": "high",
"cwe_id": "CWE-530",
"description": "Backup files, database dumps, or archives accessible from web server.",
"impact": "Full source code access, database contents including credentials.",
"remediation": "1. Store backups outside web root\n2. Remove old backup files\n3. Block backup extensions in web server\n4. Encrypt backup files",
"has_tester": true,
"false_positive_markers": [
"403",
"Forbidden",
"Access Denied"
]
},
"version_disclosure": {
"title": "Software Version Disclosure",
"severity": "low",
"cwe_id": "CWE-200",
"description": "Specific software versions exposed enabling targeted CVE exploitation.",
"impact": "Targeted exploitation of known vulnerabilities for the specific version.",
"remediation": "1. Remove version from headers\n2. Update software regularly\n3. Remove version-disclosing files\n4. Customize error pages",
"has_tester": true,
"false_positive_markers": []
},
"weak_encryption": {
"title": "Weak Encryption Algorithm",
"severity": "medium",
"cwe_id": "CWE-327",
"description": "Use of weak/deprecated encryption algorithms (DES, RC4, ECB mode).",
"impact": "Data decryption, MITM attacks, breaking confidentiality protections.",
"remediation": "1. Use AES-256-GCM or ChaCha20\n2. Disable weak cipher suites\n3. Use TLS 1.2+ only\n4. Regular cryptographic review",
"has_tester": true,
"false_positive_markers": []
},
"weak_hashing": {
"title": "Weak Hashing Algorithm",
"severity": "medium",
"cwe_id": "CWE-328",
"description": "Use of weak hash algorithms (MD5, SHA1) for security-critical purposes.",
"impact": "Password cracking, hash collision attacks, integrity bypass.",
"remediation": "1. Use bcrypt/scrypt/argon2 for passwords\n2. Use SHA-256+ for integrity\n3. Always use salts\n4. Implement key stretching",
"has_tester": true,
"false_positive_markers": []
},
"weak_random": {
"title": "Weak Random Number Generation",
"severity": "medium",
"cwe_id": "CWE-330",
"description": "Predictable random numbers used for security tokens or session IDs.",
"impact": "Token prediction, session hijacking, CSRF token bypass.",
"remediation": "1. Use cryptographic PRNG (secrets module, SecureRandom)\n2. Avoid Math.random() for security\n3. Use sufficient entropy\n4. Regular token rotation",
"has_tester": true,
"false_positive_markers": []
},
"cleartext_transmission": {
"title": "Cleartext Transmission of Sensitive Data",
"severity": "medium",
"cwe_id": "CWE-319",
"description": "Sensitive data transmitted over unencrypted HTTP connections.",
"impact": "Credential theft via MITM, session hijacking, data exposure.",
"remediation": "1. Enforce HTTPS everywhere\n2. Implement HSTS with preload\n3. Redirect HTTP to HTTPS\n4. Set Secure flag on cookies",
"has_tester": true,
"false_positive_markers": []
},
"vulnerable_dependency": {
"title": "Vulnerable Third-Party Dependency",
"severity": "varies",
"cwe_id": "CWE-1104",
"description": "Third-party library with known CVEs in use.",
"impact": "Depends on specific CVE - from XSS to RCE.",
"remediation": "1. Regular dependency updates\n2. Use automated vulnerability scanning\n3. Monitor CVE advisories\n4. Implement SCA in CI/CD",
"has_tester": true,
"false_positive_markers": []
},
"outdated_component": {
"title": "Outdated Software Component",
"severity": "medium",
"cwe_id": "CWE-1104",
"description": "Significantly outdated CMS, framework, or server with multiple known CVEs.",