Vulnerable Package
Description
Some programs that you are using may have known vulnerabilities. The presence of these vulnerable packages in your server configuration poses a significant risk, as attackers may exploit these weaknesses to access sensitive data or compromise system integrity. Depending on your operating system and configuration, you may be vulnerable to the reported CVE.
Remediation
To address this issue, regularly update your packages. Prioritize patching or upgrading the affected packages based on the severity and exploitability of the vulnerabilities. In cases where immediate patching is not feasible, consider implementing compensatory controls or workarounds to mitigate the risk.
Configuration
Identifier:
information_disclosure/potential_cve
Examples
Ignore this check
checks:
  information_disclosure/potential_cve:
    skip: true
Score
- Escape Severity: MEDIUM
Compliance
OWASP: API8:2023
pci: 6.2
gdpr: Article-32
soc2: CC6
psd2: Article-95
iso27001: A.12.6
nist: SP800-40
fedramp: SI-2
Classification
- CWE: 119
Score
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
- CVSS_SCORE: 7.2