| Name | Severity | Scopes | Tags | Links |
| --- | --- | --- | --- | --- |
| User-controlled data in ServiceCallout | High | Step | Data Validation | CWE-233, CWE-20 |
| Unused flow variables | Info | Step | Code Quality | CWE-563 |
| Unsafe variable is used to define host | High | Step | Data Validation | CWE-20 |
| Unreachable RouteRule | Medium | Proxy | Code Quality | CWE-561 |
| Unreachable Flow | Medium | Proxy | Code Quality | CWE-561 |
| The Authorization header is not removed before the request is made to the target system | High | Proxy | Data in Transit | CWE-201 |
| Target URL is tainted by user input | High | Step | Data Validation | CWE-22, CWE-233, CWE-918, CWE-20 |
| Step operates undefined flow variables | Low | Step | Code Quality | CWE-457 |
| SpikeArrest policy doesn't use any identifier | Critical | SpikeArrest | DoS Protection | CWE-770 |
| ServiceCallout policy uses default request object | Low | ServiceCallout | Data in Transit | CWE-200 |
| Resource is not linked to a policy | Info | Proxy | Code Quality | CWE-561 |
| Request content is stringified | Critical | Step | Data Validation, DoS Protection | CWE-20 |
| Request Content is tainted by user input | High | Step | Data Validation | CWE-20, CWE-116 |
| Proxy doesn't have default flow | High | Proxy | Code Quality, Data Validation | CWE-20 |
| Private flow variable is written into public one | Medium | Step | Data at Rest | CWE-532 |
| Policy sets confidential data in URL parameters | High | Step | Data in Transit | CWE-598 |
| Policy is not linked to step | Info | Proxy | Code Quality | CWE-561 |
| Policy errors are not caught | Low | Step | Error Handling | CWE-390 |
| Overcomplicated or malformed condition | Low | Step, RouteRule, Flow | Code Quality | CWE-570, CWE-571 |
| Open Redirect | High | Step | Data Validation | CWE-601, CWE-20 |