Info High Critical
Name Severity Scopes Tags Links
User-controlled data in ServiceCallout High Step Data Validation CWE-233 CWE-20
Use of weak hash algorithms High AssignMessage HMAC JavaScript Secure Configuration CWE-327
Unused flow variables Info Step Code Quality CWE-563
Unsafe variable is used to define host High Step Data Validation CWE-20
Unsafe regular expression High Step Data Validation CWE-1333
Target URL is tainted by user input High Step Data Validation CWE-22 CWE-233 CWE-918 CWE-20
SpikeArrest policy doesn't use any identifier High SpikeArrest DoS Protection CWE-770
Sensitive information is in the source code Critical Step Data at Rest CWE-256 CWE-312
Resource is not linked to a policy Info Proxy Code Quality CWE-561
Request content is tainted by user input High Step Data Validation CWE-20 CWE-116
Request content is stringified Critical Step Data Validation DoS Protection CWE-20
Proxy doesn't have default flow High Proxy Code Quality Data Validation CWE-20
Policy sets confidential data in URL parameters High Step Data in Transit CWE-598
Policy is not linked to step Info Proxy Code Quality CWE-561
Open Redirect High Step Data Validation CWE-601 CWE-20
No TLS protocol specified in connection definition High ServiceCallout MessageLogging Target Data in Transit CWE-327
Missing API versioning Info Proxy Secure Configuration CWE-710
Lack of certificate validation Critical ServiceCallout MessageLogging Target Data in Transit CWE-295
JWT/JWS is decoded but not verified in the same flow phase Critical Step Authentication & Authorisation CWE-347
JSONThreatProtection policy is not applied to a request body with JSON type High Flow Data Validation CWE-502 CWE-20