Use of Deprecated Component

Use of Deprecated Component

Risk: hardening

Description

The application is using a deprecated component. New vulnerabilities will not be fixed and hackers might succeed in exploiting this weakness.

Recommendation

To mitigate the risk associated with deprecated components, consider the steps:

1. Identify the deprecated component: Begin by identifying the specific deprecated component being used in your application. This could be a library, framework, language feature, or any other software component.
2. Find an alternative for the deprecated component or a fork of it that is still maintained.
3. Consider paid services that support EoL projects like HeroDevs

Links

• CWE-477: Use of Obsolete Function
• Top 10 A9-Using Components with Known Vulnerabilities

Standards

• OWASP_MASVS_L1:
  • MSTG_CODE_5
• OWASP_MASVS_L2:
  • MSTG_CODE_5
• PCI_STANDARDS:
  • REQ_6_2
  • REQ_6_3
  • REQ_11_3
• OWASP_MASVS_v2_1:
  • MASVS_CODE_3
• CNIL_FOR_DEVELOPERS:
  • DEVELOPERS_4_3_1