Use of Outdated Vulnerable Component

Description

The application uses an outdated component with publicly known vulnerabilities. Exploitation difficulty varies: some issues have readily available off-the-shelf exploits, while others require a custom exploit.

Recommendation

To mitigate the risks associated with vulnerable components, consider the steps below:

  1. Identify the vulnerable component: Begin by identifying the specific vulnerable component being used in your application. This could be a library, framework, language feature, or any other software component.
  2. Update the vulnerable component to the latest version.
  3. If the vulnerable component is deprecated, consider using an alternative component or fork.
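
The three steps above can be run as a triage pass over a dependency inventory. The following is an added example, not part of the original page: the component names, versions and advisory ids are constructed placeholders, and the advisory record layout (`fixed_in`, `replacement`) is an assumption rather than any real feed's schema.

```python
import re

# Constructed sample inventory: component name -> version pinned in the application.
INVENTORY = {"examplelib": "2.3.1", "samplenet": "1.10.0", "oldcrypto": "0.9.4"}

# Constructed advisory records (placeholder ids, not real advisories).
# fixed_in=None means no fixed release exists because the component is deprecated.
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "component": "examplelib", "fixed_in": "2.4.0", "replacement": None},
    {"id": "ADVISORY-PLACEHOLDER-2", "component": "samplenet", "fixed_in": "1.9.2", "replacement": None},
    {"id": "ADVISORY-PLACEHOLDER-3", "component": "oldcrypto", "fixed_in": None, "replacement": "newcrypto"},
]

def parse_version(text):
    """Parse the leading numeric release ('1.10.0-rc1' -> (1, 10, 0)); suffixes are ignored."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))

def is_older(installed, fixed):
    """Numeric comparison, so 1.10.0 is newer than 1.9.2 (a string compare gets this wrong)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def triage(inventory, advisories):
    """Step 1: identify affected components. Steps 2 and 3: pick update or replace."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv["component"])
        if installed is None:
            continue  # component is not used by this application
        if adv["fixed_in"] is None:
            target = adv["replacement"] or "an alternative component or fork"
            action = f"replace with {target}"
        elif is_older(installed, adv["fixed_in"]):
            action = f"update to latest release (>= {adv['fixed_in']})"
        else:
            continue  # installed version already contains the fix
        findings.append((adv["component"], installed, adv["id"], action))
    return findings

if __name__ == "__main__":
    for finding in triage(INVENTORY, ADVISORIES):
        print("  ".join(finding))
```
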

Standards

  • OWASP_MASVS_L1:
    • MSTG_CODE_5
  • OWASP_MASVS_L2:
    • MSTG_CODE_5
  • PCI_STANDARDS:
    • REQ_2_2
    • REQ_6_2
    • REQ_6_3
    • REQ_11_3
  • OWASP_MASVS_v2_1:
    • MASVS_CODE_3
  • SOC2_CONTROLS:
    • CC_2_1
    • CC_4_1
    • CC_6_6
    • CC_7_1
    • CC_7_2
    • CC_7_4
    • CC_7_5
    • CC_8_1
    • CC_9_2