|
Step operates undefined flow variables
|
Low |
Step |
Code Quality |
CWE-457
|
|
Sharedflow has not beeing scanned by CodeSent
|
Low |
FlowCallout |
Code Quality |
|
|
Sensitive information is in the source code
|
Critical |
Step |
Data at Rest |
CWE-256
CWE-312
|
|
Request content is stringified
|
Critical |
Step |
Data Validation
DoS Protection |
CWE-20
|
|
Policy errors are not caught
|
Low |
Step |
Error Handling |
CWE-390
|
|
Overcomplicated or malformed condition
|
Low |
Step
RouteRule
Flow |
Code Quality |
CWE-570
CWE-571
|
|
No mask configuration for the proxy
|
Low |
Proxy |
Code Quality |
|
|
Missing security headers
|
Low |
Proxy |
Secure Configuration |
CWE-523
|
|
Lack of certificate validation
|
Critical |
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-295
|
|
JWT/JWS is decoded but not verified in the same flow phase
|
Critical |
Step |
Authentication & Authorisation |
CWE-347
|
|
Connection to the system is not encrypted
|
Critical |
ServiceCallout
MessageLogging
Target |
Data in Transit |
CWE-319
|
|
Cache lookup variable is overwritten
|
Low |
Step |
Code Quality |
CWE-472
|
|
Bypassing AccessControl policy via True-Client-IP header
|
Critical |
AccessControl |
Data Validation |
CWE-290
|