Using Components with Known Vulnerabilities

Components such as libraries, frameworks and other software modules almost always run with the full privileges of the application. If a vulnerable component is exploited, the result can be serious data loss or a takeover of the host.

Example

Components usually run with the same privileges as the application itself, so a flaw in any component can seriously affect the application. Such flaws can be accidental (a coding error) or intentional (a backdoor in the component).

Impact

The full range of weaknesses is possible, including injection, broken access control, XSS, etc. The impact ranges from minimal to a complete host takeover and data compromise.

Mitigation / Precaution

  • Remove unused dependencies and components, along with unnecessary features, files and documentation.

  • Only use components from official sources. Prefer usage of signed packages to reduce the chance of including a modified, malicious component.

  • Monitor for libraries and components that are unmaintained or out of date. If patching is not possible, consider deploying a virtual patch to monitor, detect or protect against the issue.
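As an added example (not code from the original article), a small dependency audit that applies the points above: it reads a pinned manifest, matches each component against an advisory list with affected and fixed version ranges, and reports what must be upgraded and what has no fixed release, the case where replacement or a virtual patch is the remaining option. The package names, versions and advisories are all constructed.

```python
"""Dependency audit for the mitigations above: flag pinned components whose
version lies in a known-vulnerable range, and components with no fixed release.
Advisory feed and manifest are constructed samples, not real data."""
import re

# Constructed advisory feed: (package, affected_from, fixed_in, note).
# fixed_in=None means no patched release exists (unmaintained component).
ADVISORIES = [
    ("webframe", "1.0.0", "1.4.2", "template injection"),
    ("imgparse", "0.0.0", None, "heap overflow, project unmaintained"),
    ("jsonlib", "2.0.0", "2.3.1", "unsafe deserialization"),
]

# Constructed manifest in requirements.txt style (name==version per line).
MANIFEST = """\
webframe==1.3.9
imgparse==0.9.1
jsonlib==2.3.1
textutil==4.1.0
"""

def parse_version(v: str) -> tuple:
    """'1.4.2' -> (1, 4, 2), so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def parse_manifest(text: str) -> dict:
    """Return {package: pinned_version}; lines that are not pins are ignored."""
    deps = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_.-]+)==([0-9.]+)\s*$", line)
        if m:
            deps[m.group(1).lower()] = m.group(2)
    return deps

def audit(manifest: str, advisories=ADVISORIES) -> list:
    """Return one finding dict per pinned component hit by an advisory."""
    deps = parse_manifest(manifest)
    findings = []
    for pkg, affected_from, fixed_in, note in advisories:
        if pkg not in deps or parse_version(deps[pkg]) < parse_version(affected_from):
            continue  # not used, or predates the affected range
        if fixed_in is None:
            action = f"no fix available ({note}); replace or virtual-patch"
        elif parse_version(deps[pkg]) < parse_version(fixed_in):
            action = f"upgrade to {fixed_in} ({note})"
        else:
            continue  # already at or past the fixed release
        findings.append({"package": pkg, "version": deps[pkg], "action": action})
    return findings
```

Running `audit(MANIFEST)` flags webframe (upgrade) and imgparse (no fix) and leaves jsonlib alone because it is already at the fixed release.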
