Use of Outdated Vulnerable Component

Description

The application uses an outdated component with publicly known vulnerabilities. Exploitability varies: some issues have readily available off-the-shelf exploits, while others require a custom exploit.

Recommendation

Update the affected components to their latest versions to fix the issue. It is also recommended to implement a patch management process to prevent similar issues in the future, and to remove all unused dependencies.
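
One way to run the recommendation above as a build-time check, as an added example that is not part of the original page. The `group:artifact:version` manifest format, the advisory feed, its placeholder IDs and the set of referenced coordinates are all assumptions built from constructed sample data.

```python
import re

# Constructed sample manifest: declared dependencies as group:artifact:version.
DECLARED = """\
com.example.net:httpclient:2.9
com.example.img:imageloader:4.1.0
com.example.json:parser:1.3.7
com.example.legacy:xmlutil:0.8.2
"""
# Constructed advisory feed: coordinate -> [(id, introduced, fixed)].
# The IDs are placeholders, not real advisories.
ADVISORIES = {
    "com.example.net:httpclient": [("ADV-PLACEHOLDER-1", "2.0", "2.9.1")],
    "com.example.json:parser": [("ADV-PLACEHOLDER-2", "1.0.0", "1.3.0"),
                                ("ADV-PLACEHOLDER-3", "1.3.5", "1.4.0")],
    "com.example.img:imageloader": [("ADV-PLACEHOLDER-4", "3.0", "4.0.2")],
}
# Constructed: coordinates the application code actually references.
REFERENCED = {"com.example.net:httpclient", "com.example.img:imageloader",
              "com.example.json:parser"}

def version_key(version, width=4):
    """Numeric key so '2.9' == '2.9.0'; qualifiers such as '-beta' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:width]
    return tuple(nums + [0] * (width - len(nums)))

def parse_declared(text):
    """Return {group:artifact: version}, skipping blank and comment lines."""
    lines = (l.strip() for l in text.splitlines())
    return {l.rsplit(":", 1)[0]: l.rsplit(":", 1)[1]
            for l in lines if l and not l.startswith("#")}

def audit(declared_text, advisories, referenced):
    """Flag versions with introduced <= version < fixed, plus unused coordinates."""
    deps = parse_declared(declared_text)
    findings = []
    for coord, version in sorted(deps.items()):
        hits = [(aid, fixed) for aid, intro, fixed in advisories.get(coord, [])
                if version_key(intro) <= version_key(version) < version_key(fixed)]
        if hits:
            target = max((fixed for _, fixed in hits), key=version_key)
            findings.append((coord, version, [aid for aid, _ in hits], target))
    return findings, sorted(set(deps) - set(referenced))

if __name__ == "__main__":
    findings, unused = audit(DECLARED, ADVISORIES, REFERENCED)
    for coord, version, ids, target in findings:
        print(f"VULNERABLE {coord} {version}: upgrade to >= {target} {ids}")
    for coord in unused:
        print(f"UNUSED {coord}: remove from the build")
```

Failing the build when either list is non-empty turns the check into an enforced part of the patch management process.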

Standards

  • OWASP_MASVS_L1:
    • MSTG_CODE_5
  • OWASP_MASVS_L2:
    • MSTG_CODE_5
  • PCI_STANDARDS:
    • REQ_2_2
    • REQ_6_2
    • REQ_6_3
    • REQ_11_3