@zerothreatai/vulnerability-registry 3.0.0 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. package/dist/categories/authentication.js +34 -17
  2. package/dist/categories/configuration.js +561 -60
  3. package/dist/categories/injection.js +68 -34
  4. package/dist/categories/sensitive-paths.js +168 -84
  5. package/dist/categories/ssrf.js +22 -11
  6. package/dist/categories/xss.js +30 -15
  7. package/dist/category.d.ts +6 -0
  8. package/dist/category.js +15 -0
  9. package/dist/error-codes.d.ts +20 -0
  10. package/dist/error-codes.js +20 -0
  11. package/dist/index.d.ts +9 -1
  12. package/dist/index.js +5 -1
  13. package/dist/scanner.d.ts +6 -0
  14. package/dist/scanner.js +22 -0
  15. package/dist/types.d.ts +2 -0
  16. package/dist-cjs/categories/authentication.js +34 -17
  17. package/dist-cjs/categories/configuration.js +561 -60
  18. package/dist-cjs/categories/injection.js +68 -34
  19. package/dist-cjs/categories/sensitive-paths.js +168 -84
  20. package/dist-cjs/categories/ssrf.js +22 -11
  21. package/dist-cjs/categories/xss.js +30 -15
  22. package/dist-cjs/category.js +18 -0
  23. package/dist-cjs/error-codes.js +20 -0
  24. package/dist-cjs/index.js +7 -1
  25. package/dist-cjs/scanner.js +25 -0
  26. package/package.json +35 -32
  27. package/scripts/assign-ids.ts +105 -0
  28. package/scripts/check-duplicate-ids.ts +45 -0
  29. package/src/categories/authentication.ts +145 -128
  30. package/src/categories/configuration.ts +1632 -1111
  31. package/src/categories/injection.ts +158 -124
  32. package/src/categories/sensitive-paths.ts +168 -84
  33. package/src/categories/ssrf.ts +22 -11
  34. package/src/categories/xss.ts +30 -15
  35. package/src/category.ts +16 -0
  36. package/src/error-codes.ts +25 -5
  37. package/src/id-registry.json +1235 -0
  38. package/src/index.ts +20 -14
  39. package/src/scanner.ts +23 -0
  40. package/src/types.ts +4 -2
  41. package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
  42. package/src/categories/authentication.d.ts +0 -8
  43. package/src/categories/authentication.d.ts.map +0 -1
  44. package/src/categories/authentication.js +0 -378
  45. package/src/categories/authentication.js.map +0 -1
  46. package/src/categories/configuration.d.ts +0 -8
  47. package/src/categories/configuration.d.ts.map +0 -1
  48. package/src/categories/configuration.js +0 -906
  49. package/src/categories/configuration.js.map +0 -1
  50. package/src/categories/injection.d.ts +0 -8
  51. package/src/categories/injection.d.ts.map +0 -1
  52. package/src/categories/injection.js +0 -750
  53. package/src/categories/injection.js.map +0 -1
  54. package/src/categories/sensitive-paths.d.ts +0 -9
  55. package/src/categories/sensitive-paths.d.ts.map +0 -1
  56. package/src/categories/sensitive-paths.js +0 -1791
  57. package/src/categories/sensitive-paths.js.map +0 -1
  58. package/src/categories/ssrf.d.ts +0 -8
  59. package/src/categories/ssrf.d.ts.map +0 -1
  60. package/src/categories/ssrf.js +0 -250
  61. package/src/categories/ssrf.js.map +0 -1
  62. package/src/categories/xss.d.ts +0 -7
  63. package/src/categories/xss.d.ts.map +0 -1
  64. package/src/categories/xss.js +0 -328
  65. package/src/categories/xss.js.map +0 -1
  66. package/src/error-codes.d.ts +0 -242
  67. package/src/error-codes.d.ts.map +0 -1
  68. package/src/error-codes.js +0 -315
  69. package/src/error-codes.js.map +0 -1
  70. package/src/index.d.ts +0 -60
  71. package/src/index.d.ts.map +0 -1
  72. package/src/index.js +0 -107
  73. package/src/index.js.map +0 -1
  74. package/src/types.d.ts +0 -86
  75. package/src/types.d.ts.map +0 -1
  76. package/src/types.js +0 -7
  77. package/src/types.js.map +0 -1
package/dist/categories/configuration.js CHANGED
@@ -9,11 +9,12 @@ export const CONFIG_VULNERABILITIES = {
9
9
  // SECURITY HEADERS
10
10
  // ========================================
11
11
  [VulnerabilityCode.HEADER_MISSING_CSP]: {
12
- id: 69,
12
+ id: 200,
13
13
  code: VulnerabilityCode.HEADER_MISSING_CSP,
14
14
  title: 'Missing Security Header - Content-Security-Policy',
15
15
  description: 'The application does not implement Content-Security-Policy header, leaving it vulnerable to cross-site scripting attacks that could be mitigated by restricting the sources from which scripts, styles, and other resources can be loaded into the page.',
16
16
  severity: 'medium',
17
+ levelId: 3,
17
18
  category: 'configuration',
18
19
  scanner: 'security-headers',
19
20
  cvss: {
@@ -30,11 +31,12 @@ export const CONFIG_VULNERABILITIES = {
30
31
  remediation: 'Implement Content-Security-Policy header with strict directives. Start with default-src self and progressively add required sources. Use nonce-based CSP for inline scripts.',
31
32
  },
32
33
  [VulnerabilityCode.HEADER_MISSING_HSTS]: {
33
- id: 70,
34
+ id: 201,
34
35
  code: VulnerabilityCode.HEADER_MISSING_HSTS,
35
36
  title: 'Missing Security Header - Strict-Transport-Security',
36
37
  description: 'The application does not implement HSTS (HTTP Strict Transport Security) header, leaving users vulnerable to SSL stripping attacks and man-in-the-middle downgrades from HTTPS to HTTP connections on initial visits or after cookie expiration.',
37
38
  severity: 'medium',
39
+ levelId: 3,
38
40
  category: 'configuration',
39
41
  scanner: 'security-headers',
40
42
  cvss: {
@@ -51,11 +53,12 @@ export const CONFIG_VULNERABILITIES = {
51
53
  remediation: 'Add Strict-Transport-Security header with max-age of at least 31536000 (1 year). Include includeSubDomains directive. Consider HSTS preloading for maximum protection.',
52
54
  },
53
55
  [VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE]: {
54
- id: 1011,
56
+ id: 202,
55
57
  code: VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE,
56
58
  title: 'HSTS Misconfiguration - Invalid Max-Age',
57
59
  description: 'The Strict-Transport-Security header uses an invalid or malformed max-age value, preventing reliable HTTPS enforcement.',
58
60
  severity: 'medium',
61
+ levelId: 3,
59
62
  category: 'configuration',
60
63
  scanner: 'security-headers',
61
64
  cvss: {
@@ -72,11 +75,12 @@ export const CONFIG_VULNERABILITIES = {
72
75
  remediation: 'Set a valid numeric max-age on Strict-Transport-Security (at least 31536000).',
73
76
  },
74
77
  [VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE]: {
75
- id: 1012,
78
+ id: 203,
76
79
  code: VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE,
77
80
  title: 'HSTS Misconfiguration - Max-Age Too Short',
78
81
  description: 'The Strict-Transport-Security header uses a short max-age value that weakens HTTPS enforcement and allows downgrade risk to return quickly.',
79
82
  severity: 'medium',
83
+ levelId: 3,
80
84
  category: 'configuration',
81
85
  scanner: 'security-headers',
82
86
  cvss: {
@@ -93,11 +97,12 @@ export const CONFIG_VULNERABILITIES = {
93
97
  remediation: 'Increase max-age to at least 31536000 (1 year) to provide durable HTTPS enforcement.',
94
98
  },
95
99
  [VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS]: {
96
- id: 1013,
100
+ id: 204,
97
101
  code: VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS,
98
102
  title: 'HSTS Misconfiguration - Missing includeSubDomains',
99
103
  description: 'The Strict-Transport-Security header is missing includeSubDomains, leaving subdomains unprotected from downgrade and stripping attacks.',
100
104
  severity: 'medium',
105
+ levelId: 3,
101
106
  category: 'configuration',
102
107
  scanner: 'security-headers',
103
108
  cvss: {
@@ -114,11 +119,12 @@ export const CONFIG_VULNERABILITIES = {
114
119
  remediation: 'Add includeSubDomains to the HSTS header to protect all subdomains.',
115
120
  },
116
121
  [VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE]: {
117
- id: 1018,
122
+ id: 205,
118
123
  code: VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE,
119
124
  title: 'HSTS Preload Requirements Not Met',
120
125
  description: 'The HSTS header indicates preload intent but does not meet preload requirements, such as a sufficiently long max-age or includeSubDomains, reducing preload effectiveness.',
121
126
  severity: 'medium',
127
+ levelId: 3,
122
128
  category: 'configuration',
123
129
  scanner: 'security-headers',
124
130
  cvss: {
@@ -135,11 +141,12 @@ export const CONFIG_VULNERABILITIES = {
135
141
  remediation: 'Ensure HSTS max-age is at least 31536000, include includeSubDomains, and add preload before submitting to the preload list.',
136
142
  },
137
143
  [VulnerabilityCode.HEADER_MISSING_XFRAME]: {
138
- id: 71,
144
+ id: 206,
139
145
  code: VulnerabilityCode.HEADER_MISSING_XFRAME,
140
146
  title: 'Missing Security Header - X-Frame-Options',
141
147
  description: 'The application does not set X-Frame-Options header, making it vulnerable to clickjacking attacks where malicious websites can embed the application in invisible iframes and trick users into performing unintended actions through deceptive UI overlays.',
142
148
  severity: 'medium',
149
+ levelId: 3,
143
150
  category: 'configuration',
144
151
  scanner: 'security-headers',
145
152
  cvss: {
@@ -156,11 +163,12 @@ export const CONFIG_VULNERABILITIES = {
156
163
  remediation: 'Set X-Frame-Options header to DENY or SAMEORIGIN. Use Content-Security-Policy frame-ancestors directive for more granular control. Both headers can be used together for compatibility.',
157
164
  },
158
165
  [VulnerabilityCode.HEADER_WEAK_CSP]: {
159
- id: 72,
166
+ id: 207,
160
167
  code: VulnerabilityCode.HEADER_WEAK_CSP,
161
168
  title: 'Weak Content-Security-Policy Configuration',
162
169
  description: 'The Content-Security-Policy header contains unsafe directives like unsafe-inline, unsafe-eval, or overly permissive source allowlists that significantly reduce its effectiveness as an XSS mitigation and may create false sense of security.',
163
170
  severity: 'medium',
171
+ levelId: 3,
164
172
  category: 'configuration',
165
173
  scanner: 'security-headers',
166
174
  cvss: {
@@ -177,11 +185,12 @@ export const CONFIG_VULNERABILITIES = {
177
185
  remediation: 'Remove unsafe-inline and unsafe-eval directives. Use nonce-based or hash-based CSP for inline scripts. Restrict source allowlists to specific trusted domains rather than wildcards.',
178
186
  },
179
187
  [VulnerabilityCode.HEADER_CSP_REPORT_ONLY]: {
180
- id: 1001,
188
+ id: 208,
181
189
  code: VulnerabilityCode.HEADER_CSP_REPORT_ONLY,
182
190
  title: 'Content-Security-Policy Report-Only Enabled',
183
191
  description: 'The Content-Security-Policy header is deployed in report-only mode, which does not enforce protections and allows unsafe content to execute while only logging violations.',
184
192
  severity: 'medium',
193
+ levelId: 3,
185
194
  category: 'configuration',
186
195
  scanner: 'security-headers',
187
196
  cvss: {
@@ -198,11 +207,12 @@ export const CONFIG_VULNERABILITIES = {
198
207
  remediation: 'Switch to enforcing Content-Security-Policy once violations are reviewed. Use report-only during rollout, then enforce with strict directives.',
199
208
  },
200
209
  [VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES]: {
201
- id: 1002,
210
+ id: 209,
202
211
  code: VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES,
203
212
  title: 'Content-Security-Policy Contains Unsafe Directives',
204
213
  description: 'The Content-Security-Policy header includes unsafe directives such as unsafe-inline or unsafe-eval that reduce XSS protection and allow risky script execution paths.',
205
214
  severity: 'medium',
215
+ levelId: 3,
206
216
  category: 'configuration',
207
217
  scanner: 'security-headers',
208
218
  cvss: {
@@ -219,11 +229,12 @@ export const CONFIG_VULNERABILITIES = {
219
229
  remediation: 'Remove unsafe-inline and unsafe-eval directives. Replace inline scripts with nonces or hashes and restrict sources to trusted domains.',
220
230
  },
221
231
  [VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT]: {
222
- id: 1003,
232
+ id: 210,
223
233
  code: VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT,
224
234
  title: 'Content-Security-Policy Allows data: in script-src',
225
235
  description: 'The CSP allows data: URIs for script execution, which can enable script injection through crafted data URLs and weaken XSS protections.',
226
236
  severity: 'medium',
237
+ levelId: 3,
227
238
  category: 'configuration',
228
239
  scanner: 'security-headers',
229
240
  cvss: {
@@ -240,11 +251,12 @@ export const CONFIG_VULNERABILITIES = {
240
251
  remediation: 'Remove data: from script-src. Use nonce or hash-based CSP for any required inline scripts.',
241
252
  },
242
253
  [VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT]: {
243
- id: 1004,
254
+ id: 211,
244
255
  code: VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT,
245
256
  title: 'Content-Security-Policy Allows blob: in script-src',
246
257
  description: 'The CSP allows blob: URIs for script execution, which can be abused to load attacker-controlled scripts in some contexts and weaken XSS mitigations.',
247
258
  severity: 'medium',
259
+ levelId: 3,
248
260
  category: 'configuration',
249
261
  scanner: 'security-headers',
250
262
  cvss: {
@@ -261,11 +273,12 @@ export const CONFIG_VULNERABILITIES = {
261
273
  remediation: 'Remove blob: from script-src unless strictly required. Use a narrower allowlist or nonces for trusted scripts.',
262
274
  },
263
275
  [VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT]: {
264
- id: 1005,
276
+ id: 212,
265
277
  code: VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT,
266
278
  title: 'Content-Security-Policy default-src Uses Wildcard',
267
279
  description: 'The CSP default-src directive allows all origins, which effectively disables the protection and allows untrusted content to load.',
268
280
  severity: 'medium',
281
+ levelId: 3,
269
282
  category: 'configuration',
270
283
  scanner: 'security-headers',
271
284
  cvss: {
@@ -282,11 +295,12 @@ export const CONFIG_VULNERABILITIES = {
282
295
  remediation: 'Replace wildcard default-src with explicit trusted origins and tighten resource-specific directives.',
283
296
  },
284
297
  [VulnerabilityCode.HEADER_CSP_NO_BASE_URI]: {
285
- id: 1006,
298
+ id: 213,
286
299
  code: VulnerabilityCode.HEADER_CSP_NO_BASE_URI,
287
300
  title: 'Content-Security-Policy Missing base-uri Directive',
288
301
  description: 'The CSP does not include a base-uri directive, allowing the base URL to be set by injected markup and enabling abuse of relative URL resolution.',
289
302
  severity: 'medium',
303
+ levelId: 3,
290
304
  category: 'configuration',
291
305
  scanner: 'security-headers',
292
306
  cvss: {
@@ -303,11 +317,12 @@ export const CONFIG_VULNERABILITIES = {
303
317
  remediation: 'Add base-uri \'self\' (or a strict allowlist) to CSP to prevent base tag abuse.',
304
318
  },
305
319
  [VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC]: {
306
- id: 1007,
320
+ id: 214,
307
321
  code: VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC,
308
322
  title: 'Content-Security-Policy Missing object-src Directive',
309
323
  description: 'The CSP does not include an object-src directive, allowing embedded objects to load from arbitrary origins and weakening defense-in-depth against plugin-based risks.',
310
324
  severity: 'medium',
325
+ levelId: 3,
311
326
  category: 'configuration',
312
327
  scanner: 'security-headers',
313
328
  cvss: {
@@ -324,11 +339,12 @@ export const CONFIG_VULNERABILITIES = {
324
339
  remediation: 'Add object-src \'none\' (or a strict allowlist) to CSP to prevent plugin content loading.',
325
340
  },
326
341
  [VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS]: {
327
- id: 1008,
342
+ id: 215,
328
343
  code: VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS,
329
344
  title: 'Content-Security-Policy Missing frame-ancestors Directive',
330
345
  description: 'The CSP does not include a frame-ancestors directive, leaving pages potentially frameable and vulnerable to clickjacking attacks.',
331
346
  severity: 'medium',
347
+ levelId: 3,
332
348
  category: 'configuration',
333
349
  scanner: 'security-headers',
334
350
  cvss: {
@@ -345,11 +361,12 @@ export const CONFIG_VULNERABILITIES = {
345
361
  remediation: 'Add frame-ancestors \'none\' or a strict allowlist to CSP to prevent clickjacking.',
346
362
  },
347
363
  [VulnerabilityCode.HEADER_CORS_MISCONFIGURED]: {
348
- id: 73,
364
+ id: 216,
349
365
  code: VulnerabilityCode.HEADER_CORS_MISCONFIGURED,
350
366
  title: 'CORS Misconfiguration',
351
367
  description: 'Cross-Origin Resource Sharing is misconfigured with overly permissive Access-Control-Allow-Origin headers including wildcard (*) with credentials, or dynamic reflection of Origin header without proper validation, enabling cross-origin data theft.',
352
368
  severity: 'high',
369
+ levelId: 2,
353
370
  category: 'configuration',
354
371
  scanner: 'security-headers',
355
372
  cvss: {
@@ -366,11 +383,12 @@ export const CONFIG_VULNERABILITIES = {
366
383
  remediation: 'Implement strict Origin validation with allowlist of trusted domains. Never reflect Origin header without validation. Do not use wildcard with Access-Control-Allow-Credentials.',
367
384
  },
368
385
  [VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS]: {
369
- id: 1014,
386
+ id: 217,
370
387
  code: VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS,
371
388
  title: 'CORS Wildcard With Credentials',
372
389
  description: 'Access-Control-Allow-Origin is set to * while Access-Control-Allow-Credentials is enabled, which browsers block but signals a dangerous CORS policy that can be misapplied in some environments.',
373
390
  severity: 'high',
391
+ levelId: 2,
374
392
  category: 'configuration',
375
393
  scanner: 'security-headers',
376
394
  cvss: {
@@ -387,11 +405,12 @@ export const CONFIG_VULNERABILITIES = {
387
405
  remediation: 'Never use wildcard origins with credentials. Replace * with an explicit allowlist and set Vary: Origin.',
388
406
  },
389
407
  [VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY]: {
390
- id: 1015,
408
+ id: 218,
391
409
  code: VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY,
392
410
  title: 'CORS Origin Reflection Without Vary',
393
411
  description: 'The Origin header is reflected in Access-Control-Allow-Origin without Vary: Origin, which can lead to cache poisoning and unintended cross-origin access.',
394
412
  severity: 'high',
413
+ levelId: 2,
395
414
  category: 'configuration',
396
415
  scanner: 'security-headers',
397
416
  cvss: {
@@ -408,11 +427,12 @@ export const CONFIG_VULNERABILITIES = {
408
427
  remediation: 'Validate origins against an allowlist and always include Vary: Origin when dynamically setting Access-Control-Allow-Origin.',
409
428
  },
410
429
  [VulnerabilityCode.HEADER_CORS_NULL_ORIGIN]: {
411
- id: 1016,
430
+ id: 219,
412
431
  code: VulnerabilityCode.HEADER_CORS_NULL_ORIGIN,
413
432
  title: 'CORS Allows Null Origin',
414
433
  description: 'Access-Control-Allow-Origin allows the null origin, enabling requests from opaque origins such as sandboxed iframes and file URLs that can be abused to access sensitive data.',
415
434
  severity: 'high',
435
+ levelId: 2,
416
436
  category: 'configuration',
417
437
  scanner: 'security-headers',
418
438
  cvss: {
@@ -429,11 +449,12 @@ export const CONFIG_VULNERABILITIES = {
429
449
  remediation: 'Remove null from allowed origins. Restrict CORS to explicit trusted domains only.',
430
450
  },
431
451
  [VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN]: {
432
- id: 1017,
452
+ id: 220,
433
453
  code: VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN,
434
454
  title: 'CORS Allows Wildcard Subdomains',
435
455
  description: 'CORS policies allow wildcard subdomains that can be abused if any subdomain is compromised or can be controlled by untrusted parties.',
436
456
  severity: 'high',
457
+ levelId: 2,
437
458
  category: 'configuration',
438
459
  scanner: 'security-headers',
439
460
  cvss: {
@@ -452,12 +473,454 @@ export const CONFIG_VULNERABILITIES = {
452
473
  // ========================================
453
474
  // DIRECTORY BROWSING
454
475
  // ========================================
476
+ [VulnerabilityCode.DIRBROWSE_GENERIC]: {
477
+ id: 221,
478
+ code: VulnerabilityCode.DIRBROWSE_GENERIC,
479
+ title: 'Directory Listing Enabled (Generic)',
480
+ description: 'Directory listing is enabled and exposes directory contents to unauthenticated visitors, revealing application structure and file names.',
481
+ severity: 'low',
482
+ levelId: 4,
483
+ category: 'configuration',
484
+ scanner: 'directory-browsing',
485
+ cvss: {
486
+ score: 3.7,
487
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
488
+ severity: 'LOW',
489
+ },
490
+ cwe: [
491
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
492
+ ],
493
+ owasp: [
494
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
495
+ ],
496
+ remediation: 'Disable directory listing in the web server configuration and ensure directories have index files.',
497
+ },
498
+ [VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE]: {
499
+ id: 222,
500
+ code: VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE,
501
+ title: 'Directory Listing Exposing Sensitive Content (Generic)',
502
+ description: 'Directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
503
+ severity: 'medium',
504
+ levelId: 3,
505
+ category: 'configuration',
506
+ scanner: 'directory-browsing',
507
+ cvss: {
508
+ score: 5.3,
509
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
510
+ severity: 'MEDIUM',
511
+ },
512
+ cwe: [
513
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
514
+ ],
515
+ owasp: [
516
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
517
+ ],
518
+ remediation: 'Disable directory listing and remove sensitive files from web-accessible directories.',
519
+ },
520
+ [VulnerabilityCode.DIRBROWSE_APACHE]: {
521
+ id: 223,
522
+ code: VulnerabilityCode.DIRBROWSE_APACHE,
523
+ title: 'Apache Autoindex Enabled',
524
+ description: 'Apache autoindex is enabled, exposing directory contents to unauthenticated visitors.',
525
+ severity: 'low',
526
+ levelId: 4,
527
+ category: 'configuration',
528
+ scanner: 'directory-browsing',
529
+ cvss: {
530
+ score: 3.7,
531
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
532
+ severity: 'LOW',
533
+ },
534
+ cwe: [
535
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
536
+ ],
537
+ owasp: [
538
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
539
+ ],
540
+ remediation: 'Disable autoindex in Apache (Options -Indexes) and add index files.',
541
+ },
542
+ [VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE]: {
543
+ id: 224,
544
+ code: VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE,
545
+ title: 'Apache Autoindex Exposing Sensitive Content',
546
+ description: 'Apache autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
547
+ severity: 'medium',
548
+ levelId: 3,
549
+ category: 'configuration',
550
+ scanner: 'directory-browsing',
551
+ cvss: {
552
+ score: 5.3,
553
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
554
+ severity: 'MEDIUM',
555
+ },
556
+ cwe: [
557
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
558
+ ],
559
+ owasp: [
560
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
561
+ ],
562
+ remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
563
+ },
564
+ [VulnerabilityCode.DIRBROWSE_NGINX]: {
565
+ id: 225,
566
+ code: VulnerabilityCode.DIRBROWSE_NGINX,
567
+ title: 'Nginx Autoindex Enabled',
568
+ description: 'Nginx autoindex is enabled, exposing directory contents to unauthenticated visitors.',
569
+ severity: 'low',
570
+ levelId: 4,
571
+ category: 'configuration',
572
+ scanner: 'directory-browsing',
573
+ cvss: {
574
+ score: 3.7,
575
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
576
+ severity: 'LOW',
577
+ },
578
+ cwe: [
579
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
580
+ ],
581
+ owasp: [
582
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
583
+ ],
584
+ remediation: 'Disable autoindex in nginx (autoindex off) and add index files.',
585
+ },
586
+ [VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE]: {
587
+ id: 226,
588
+ code: VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE,
589
+ title: 'Nginx Autoindex Exposing Sensitive Content',
590
+ description: 'Nginx autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
591
+ severity: 'medium',
592
+ levelId: 3,
593
+ category: 'configuration',
594
+ scanner: 'directory-browsing',
595
+ cvss: {
596
+ score: 5.3,
597
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
598
+ severity: 'MEDIUM',
599
+ },
600
+ cwe: [
601
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
602
+ ],
603
+ owasp: [
604
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
605
+ ],
606
+ remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
607
+ },
608
+ [VulnerabilityCode.DIRBROWSE_IIS]: {
609
+ id: 227,
610
+ code: VulnerabilityCode.DIRBROWSE_IIS,
611
+ title: 'IIS Directory Browsing Enabled',
612
+ description: 'IIS directory browsing is enabled, exposing directory contents to unauthenticated visitors.',
613
+ severity: 'low',
614
+ levelId: 4,
615
+ category: 'configuration',
616
+ scanner: 'directory-browsing',
617
+ cvss: {
618
+ score: 3.7,
619
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
620
+ severity: 'LOW',
621
+ },
622
+ cwe: [
623
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
624
+ ],
625
+ owasp: [
626
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
627
+ ],
628
+ remediation: 'Disable directory browsing in IIS and ensure directories have index files.',
629
+ },
630
+ [VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE]: {
631
+ id: 228,
632
+ code: VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE,
633
+ title: 'IIS Directory Browsing Exposing Sensitive Content',
634
+ description: 'IIS directory browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
635
+ severity: 'medium',
636
+ levelId: 3,
637
+ category: 'configuration',
638
+ scanner: 'directory-browsing',
639
+ cvss: {
640
+ score: 5.3,
641
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
642
+ severity: 'MEDIUM',
643
+ },
644
+ cwe: [
645
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
646
+ ],
647
+ owasp: [
648
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
649
+ ],
650
+ remediation: 'Disable directory browsing and remove sensitive files from web-accessible directories.',
651
+ },
652
+ [VulnerabilityCode.DIRBROWSE_TOMCAT]: {
653
+ id: 229,
654
+ code: VulnerabilityCode.DIRBROWSE_TOMCAT,
655
+ title: 'Tomcat Directory Listing Enabled',
656
+ description: 'Tomcat directory listing is enabled, exposing directory contents to unauthenticated visitors.',
657
+ severity: 'low',
658
+ levelId: 4,
659
+ category: 'configuration',
660
+ scanner: 'directory-browsing',
661
+ cvss: {
662
+ score: 3.7,
663
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
664
+ severity: 'LOW',
665
+ },
666
+ cwe: [
667
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
668
+ ],
669
+ owasp: [
670
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
671
+ ],
672
+ remediation: 'Disable directory listings in Tomcat and add index files to web directories.',
673
+ },
674
+ [VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE]: {
675
+ id: 230,
676
+ code: VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE,
677
+ title: 'Tomcat Directory Listing Exposing Sensitive Content',
678
+ description: 'Tomcat directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
679
+ severity: 'medium',
680
+ levelId: 3,
681
+ category: 'configuration',
682
+ scanner: 'directory-browsing',
683
+ cvss: {
684
+ score: 5.3,
685
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
686
+ severity: 'MEDIUM',
687
+ },
688
+ cwe: [
689
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
690
+ ],
691
+ owasp: [
692
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
693
+ ],
694
+ remediation: 'Disable directory listings and remove sensitive files from web-accessible directories.',
695
+ },
696
+ [VulnerabilityCode.DIRBROWSE_CADDY]: {
697
+ id: 231,
698
+ code: VulnerabilityCode.DIRBROWSE_CADDY,
699
+ title: 'Caddy File Server Browsing Enabled',
700
+ description: 'Caddy file server browsing is enabled, exposing directory contents to unauthenticated visitors.',
701
+ severity: 'low',
702
+ levelId: 4,
703
+ category: 'configuration',
704
+ scanner: 'directory-browsing',
705
+ cvss: {
706
+ score: 3.7,
707
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
708
+ severity: 'LOW',
709
+ },
710
+ cwe: [
711
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
712
+ ],
713
+ owasp: [
714
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
715
+ ],
716
+ remediation: 'Disable file_server browse in Caddy or restrict browsing to trusted users.',
717
+ },
718
+ [VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE]: {
719
+ id: 232,
720
+ code: VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE,
721
+ title: 'Caddy File Server Browsing Exposing Sensitive Content',
722
+ description: 'Caddy file server browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
723
+ severity: 'medium',
724
+ levelId: 3,
725
+ category: 'configuration',
726
+ scanner: 'directory-browsing',
727
+ cvss: {
728
+ score: 5.3,
729
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
730
+ severity: 'MEDIUM',
731
+ },
732
+ cwe: [
733
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
734
+ ],
735
+ owasp: [
736
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
737
+ ],
738
+ remediation: 'Disable file_server browse and remove sensitive files from web-accessible directories.',
739
+ },
740
+ [VulnerabilityCode.DIRBROWSE_WEBDAV]: {
741
+ id: 233,
742
+ code: VulnerabilityCode.DIRBROWSE_WEBDAV,
743
+ title: 'WebDAV Directory Listing Enabled',
744
+ description: 'WebDAV responses expose directory contents, allowing unauthenticated browsing of files and folders.',
745
+ severity: 'low',
746
+ levelId: 4,
747
+ category: 'configuration',
748
+ scanner: 'directory-browsing',
749
+ cvss: {
750
+ score: 3.7,
751
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
752
+ severity: 'LOW',
753
+ },
754
+ cwe: [
755
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
756
+ ],
757
+ owasp: [
758
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
759
+ ],
760
+ remediation: 'Disable unauthenticated WebDAV browsing or restrict access with authentication and authorization.',
761
+ },
762
+ [VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE]: {
763
+ id: 234,
764
+ code: VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE,
765
+ title: 'WebDAV Directory Listing Exposing Sensitive Content',
766
+ description: 'WebDAV responses expose directories containing sensitive files such as backups, credentials, or configuration artifacts.',
767
+ severity: 'medium',
768
+ levelId: 3,
769
+ category: 'configuration',
770
+ scanner: 'directory-browsing',
771
+ cvss: {
772
+ score: 5.3,
773
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
774
+ severity: 'MEDIUM',
775
+ },
776
+ cwe: [
777
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
778
+ ],
779
+ owasp: [
780
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
781
+ ],
782
+ remediation: 'Disable unauthenticated WebDAV browsing and remove sensitive files from exposed directories.',
783
+ },
784
+ [VulnerabilityCode.DIRBROWSE_S3]: {
785
+ id: 235,
786
+ code: VulnerabilityCode.DIRBROWSE_S3,
787
+ title: 'S3 Bucket Listing Enabled',
788
+ description: 'An S3 bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
789
+ severity: 'low',
790
+ levelId: 4,
791
+ category: 'configuration',
792
+ scanner: 'directory-browsing',
793
+ cvss: {
794
+ score: 3.7,
795
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
796
+ severity: 'LOW',
797
+ },
798
+ cwe: [
799
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
800
+ ],
801
+ owasp: [
802
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
803
+ ],
804
+ remediation: 'Disable public ListBucket access and restrict bucket policies to authorized principals.',
805
+ },
806
+ [VulnerabilityCode.DIRBROWSE_S3_SENSITIVE]: {
807
+ id: 236,
808
+ code: VulnerabilityCode.DIRBROWSE_S3_SENSITIVE,
809
+ title: 'S3 Bucket Listing Exposing Sensitive Content',
810
+ description: 'An S3 bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
811
+ severity: 'medium',
812
+ levelId: 3,
813
+ category: 'configuration',
814
+ scanner: 'directory-browsing',
815
+ cvss: {
816
+ score: 5.3,
817
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
818
+ severity: 'MEDIUM',
819
+ },
820
+ cwe: [
821
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
822
+ ],
823
+ owasp: [
824
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
825
+ ],
826
+ remediation: 'Remove public ListBucket access and rotate any exposed credentials or secrets.',
827
+ },
828
+ [VulnerabilityCode.DIRBROWSE_GCS]: {
829
+ id: 237,
830
+ code: VulnerabilityCode.DIRBROWSE_GCS,
831
+ title: 'GCS Bucket Listing Enabled',
832
+ description: 'A Google Cloud Storage bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
833
+ severity: 'low',
834
+ levelId: 4,
835
+ category: 'configuration',
836
+ scanner: 'directory-browsing',
837
+ cvss: {
838
+ score: 3.7,
839
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
840
+ severity: 'LOW',
841
+ },
842
+ cwe: [
843
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
844
+ ],
845
+ owasp: [
846
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
847
+ ],
848
+ remediation: 'Restrict bucket IAM policies to authorized principals and disable anonymous listing.',
849
+ },
850
+ [VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE]: {
851
+ id: 238,
852
+ code: VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE,
853
+ title: 'GCS Bucket Listing Exposing Sensitive Content',
854
+ description: 'A Google Cloud Storage bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
855
+ severity: 'medium',
856
+ levelId: 3,
857
+ category: 'configuration',
858
+ scanner: 'directory-browsing',
859
+ cvss: {
860
+ score: 5.3,
861
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
862
+ severity: 'MEDIUM',
863
+ },
864
+ cwe: [
865
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
866
+ ],
867
+ owasp: [
868
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
869
+ ],
870
+ remediation: 'Remove public listing access and rotate any exposed credentials or secrets.',
871
+ },
872
+ [VulnerabilityCode.DIRBROWSE_AZURE_BLOB]: {
873
+ id: 239,
874
+ code: VulnerabilityCode.DIRBROWSE_AZURE_BLOB,
875
+ title: 'Azure Blob Container Listing Enabled',
876
+ description: 'An Azure Blob container listing is exposed, allowing unauthenticated enumeration of blob names.',
877
+ severity: 'low',
878
+ levelId: 4,
879
+ category: 'configuration',
880
+ scanner: 'directory-browsing',
881
+ cvss: {
882
+ score: 3.7,
883
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
884
+ severity: 'LOW',
885
+ },
886
+ cwe: [
887
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
888
+ ],
889
+ owasp: [
890
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
891
+ ],
892
+ remediation: 'Disable public container listing and restrict access via SAS tokens or RBAC.',
893
+ },
894
+ [VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE]: {
895
+ id: 240,
896
+ code: VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE,
897
+ title: 'Azure Blob Container Listing Exposing Sensitive Content',
898
+ description: 'An Azure Blob container listing is exposed and includes sensitive blobs such as backups, credentials, or configuration artifacts.',
899
+ severity: 'medium',
900
+ levelId: 3,
901
+ category: 'configuration',
902
+ scanner: 'directory-browsing',
903
+ cvss: {
904
+ score: 5.3,
905
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
906
+ severity: 'MEDIUM',
907
+ },
908
+ cwe: [
909
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
910
+ ],
911
+ owasp: [
912
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
913
+ ],
914
+ remediation: 'Remove public listing access and rotate any exposed credentials or secrets.',
915
+ },
916
+ // Legacy generic codes (keep for backward compatibility)
455
917
  [VulnerabilityCode.DIRBROWSE_ENABLED]: {
456
- id: 74,
918
+ id: 241,
457
919
  code: VulnerabilityCode.DIRBROWSE_ENABLED,
458
920
  title: 'Directory Listing Enabled',
459
921
  description: 'Web server directory listing is enabled, exposing the contents of directories to anyone who browses to them without an index file. This reveals application structure, backup files, configuration files, and potentially sensitive data to attackers.',
460
922
  severity: 'low',
923
+ levelId: 4,
461
924
  category: 'configuration',
462
925
  scanner: 'directory-browsing',
463
926
  cvss: {
@@ -474,11 +937,12 @@ export const CONFIG_VULNERABILITIES = {
474
937
  remediation: 'Disable directory listing in web server configuration (Options -Indexes in Apache, autoindex off in nginx). Ensure all directories have proper index files.',
475
938
  },
476
939
  [VulnerabilityCode.DIRBROWSE_SENSITIVE]: {
477
- id: 75,
940
+ id: 242,
478
941
  code: VulnerabilityCode.DIRBROWSE_SENSITIVE,
479
942
  title: 'Directory Listing Exposing Sensitive Content',
480
943
  description: 'Directory listing is enabled on a directory containing sensitive files like backups, configuration files, source code, or credentials. This elevates the risk significantly as attackers can directly access sensitive information without guessing filenames.',
481
944
  severity: 'medium',
945
+ levelId: 3,
482
946
  category: 'configuration',
483
947
  scanner: 'directory-browsing',
484
948
  cvss: {
@@ -498,11 +962,12 @@ export const CONFIG_VULNERABILITIES = {
498
962
  // CLICKJACKING
499
963
  // ========================================
500
964
  [VulnerabilityCode.CLICK_FRAMEABLE]: {
501
- id: 76,
965
+ id: 243,
502
966
  code: VulnerabilityCode.CLICK_FRAMEABLE,
503
967
  title: 'Clickjacking - Page Frameable',
504
968
  description: 'The application pages can be embedded in iframes on malicious websites, enabling clickjacking attacks where attackers overlay transparent frames over deceptive UI elements to trick users into clicking hidden buttons or links that perform unintended actions.',
505
969
  severity: 'medium',
970
+ levelId: 3,
506
971
  category: 'configuration',
507
972
  scanner: 'security-headers',
508
973
  cvss: {
@@ -522,11 +987,12 @@ export const CONFIG_VULNERABILITIES = {
522
987
  // DESERIALIZATION
523
988
  // ========================================
524
989
  [VulnerabilityCode.DESER_JAVA]: {
525
- id: 77,
990
+ id: 244,
526
991
  code: VulnerabilityCode.DESER_JAVA,
527
992
  title: 'Insecure Deserialization - Java',
528
993
  description: 'Critical Java deserialization vulnerability where untrusted serialized objects are processed, allowing attackers to achieve remote code execution through gadget chains in common libraries like Apache Commons Collections, Spring Framework, or other classpath dependencies.',
529
994
  severity: 'critical',
995
+ levelId: 1,
530
996
  category: 'injection',
531
997
  scanner: 'deserialization',
532
998
  cvss: {
@@ -543,11 +1009,12 @@ export const CONFIG_VULNERABILITIES = {
543
1009
  remediation: 'Do not deserialize untrusted data. Use JSON or XML instead of Java serialization. Implement ObjectInputFilter (JEP 290) to restrict deserializable classes. Remove vulnerable gadget libraries.',
544
1010
  },
545
1011
  [VulnerabilityCode.DESER_PHP]: {
546
- id: 78,
1012
+ id: 245,
547
1013
  code: VulnerabilityCode.DESER_PHP,
548
1014
  title: 'Insecure Deserialization - PHP',
549
1015
  description: 'Critical PHP deserialization vulnerability where unserialize() processes attacker-controlled data, enabling object injection attacks through magic methods like __wakeup(), __destruct(), or __toString() in application or framework classes for remote code execution.',
550
1016
  severity: 'critical',
1017
+ levelId: 1,
551
1018
  category: 'injection',
552
1019
  scanner: 'deserialization',
553
1020
  cvss: {
@@ -564,11 +1031,12 @@ export const CONFIG_VULNERABILITIES = {
564
1031
  remediation: 'Never pass user input to unserialize(). Use json_decode() instead. If serialization is required, use allowed_classes option with explicit allowlist. Audit code for pop chains.',
565
1032
  },
566
1033
  [VulnerabilityCode.DESER_PYTHON]: {
567
- id: 79,
1034
+ id: 246,
568
1035
  code: VulnerabilityCode.DESER_PYTHON,
569
1036
  title: 'Insecure Deserialization - Python',
570
1037
  description: 'Critical Python deserialization vulnerability through pickle/cPickle processing of untrusted data, enabling remote code execution via __reduce__ method exploitation. Python pickle is inherently unsafe and should never process untrusted input.',
571
1038
  severity: 'critical',
1039
+ levelId: 1,
572
1040
  category: 'injection',
573
1041
  scanner: 'deserialization',
574
1042
  cvss: {
@@ -585,11 +1053,12 @@ export const CONFIG_VULNERABILITIES = {
585
1053
  remediation: 'Never pickle untrusted data. Use JSON or other safe formats. If pickle is required, use cryptographic signatures to verify data integrity before deserialization.',
586
1054
  },
587
1055
  [VulnerabilityCode.DESER_DOTNET]: {
588
- id: 80,
1056
+ id: 247,
589
1057
  code: VulnerabilityCode.DESER_DOTNET,
590
1058
  title: 'Insecure Deserialization - .NET',
591
1059
  description: 'Critical .NET deserialization vulnerability through BinaryFormatter, ObjectStateFormatter, LosFormatter, or other dangerous formatters processing untrusted data, enabling remote code execution through gadget chains in the .NET runtime or third-party libraries.',
592
1060
  severity: 'critical',
1061
+ levelId: 1,
593
1062
  category: 'injection',
594
1063
  scanner: 'deserialization',
595
1064
  cvss: {
@@ -606,11 +1075,12 @@ export const CONFIG_VULNERABILITIES = {
606
1075
  remediation: 'Avoid BinaryFormatter for untrusted data. Use System.Text.Json or XmlSerializer with known types. For legacy code, implement SerializationBinder to restrict deserializable types.',
607
1076
  },
608
1077
  [VulnerabilityCode.DESER_RUBY]: {
609
- id: 81,
1078
+ id: 248,
610
1079
  code: VulnerabilityCode.DESER_RUBY,
611
1080
  title: 'Insecure Deserialization - Ruby',
612
1081
  description: 'Critical Ruby deserialization vulnerability through Marshal.load or YAML.load processing untrusted data, enabling remote code execution through Ruby object instantiation gadgets that execute arbitrary code during object reconstruction.',
613
1082
  severity: 'critical',
1083
+ levelId: 1,
614
1084
  category: 'injection',
615
1085
  scanner: 'deserialization',
616
1086
  cvss: {
@@ -627,11 +1097,12 @@ export const CONFIG_VULNERABILITIES = {
627
1097
  remediation: 'Never Marshal.load untrusted data. Use JSON.parse instead. For YAML, use YAML.safe_load with permitted_classes option. Sign serialized data with HMAC for integrity.',
628
1098
  },
629
1099
  [VulnerabilityCode.DESER_NODE]: {
630
- id: 82,
1100
+ id: 249,
631
1101
  code: VulnerabilityCode.DESER_NODE,
632
1102
  title: 'Insecure Deserialization - Node.js',
633
1103
  description: 'Critical Node.js deserialization vulnerability through node-serialize, funcster, or similar libraries that execute JavaScript during deserialization, enabling remote code execution when attacker-controlled serialized data containing functions or IIFE is processed.',
634
1104
  severity: 'critical',
1105
+ levelId: 1,
635
1106
  category: 'injection',
636
1107
  scanner: 'deserialization',
637
1108
  cvss: {
@@ -648,11 +1119,12 @@ export const CONFIG_VULNERABILITIES = {
648
1119
  remediation: 'Never use serialization libraries that can deserialize functions. Use JSON.parse() for data interchange. Avoid node-serialize and similar libraries. Implement input validation.',
649
1120
  },
650
1121
  [VulnerabilityCode.CLICK_PARTIAL_PROTECTION]: {
651
- id: 83,
1122
+ id: 250,
652
1123
  code: VulnerabilityCode.CLICK_PARTIAL_PROTECTION,
653
1124
  title: 'Clickjacking - Partial Protection',
654
1125
  description: 'Incomplete clickjacking protection where X-Frame-Options or frame-ancestors CSP is only applied on some pages, uses weak values like ALLOW-FROM with bypassable origins, or has inconsistent implementation allowing certain pages to be framed.',
655
1126
  severity: 'low',
1127
+ levelId: 4,
656
1128
  category: 'configuration',
657
1129
  scanner: 'security-headers',
658
1130
  cvss: {
@@ -669,11 +1141,12 @@ export const CONFIG_VULNERABILITIES = {
669
1141
  remediation: 'Apply consistent frame protection across all pages. Use DENY or SAMEORIGIN rather than ALLOW-FROM. Audit all endpoints for missing protection. Use CSP frame-ancestors instead of X-Frame-Options.',
670
1142
  },
671
1143
  [VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE]: {
672
- id: 84,
1144
+ id: 251,
673
1145
  code: VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE,
674
1146
  title: 'Missing Security Header - X-Content-Type-Options',
675
1147
  description: 'The application does not set X-Content-Type-Options: nosniff header, allowing browsers to perform MIME-type sniffing that can lead to XSS attacks when user-uploaded content is served with incorrect Content-Type and browsers execute it as script.',
676
1148
  severity: 'low',
1149
+ levelId: 4,
677
1150
  category: 'configuration',
678
1151
  scanner: 'security-headers',
679
1152
  cvss: {
@@ -690,11 +1163,12 @@ export const CONFIG_VULNERABILITIES = {
690
1163
  remediation: 'Add X-Content-Type-Options: nosniff header to all responses. Ensure correct Content-Type headers are set for all resources. Validate file types before serving user uploads.',
691
1164
  },
692
1165
  [VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID]: {
693
- id: 1009,
1166
+ id: 252,
694
1167
  code: VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID,
695
1168
  title: 'Invalid Security Header - X-Content-Type-Options',
696
1169
  description: 'The X-Content-Type-Options header is present but misconfigured (not set to nosniff), which can allow MIME sniffing and reduce protection against content-type confusion.',
697
1170
  severity: 'low',
1171
+ levelId: 4,
698
1172
  category: 'configuration',
699
1173
  scanner: 'security-headers',
700
1174
  cvss: {
@@ -711,11 +1185,12 @@ export const CONFIG_VULNERABILITIES = {
711
1185
  remediation: 'Set X-Content-Type-Options to nosniff on all responses to prevent MIME sniffing.',
712
1186
  },
713
1187
  [VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY]: {
714
- id: 85,
1188
+ id: 253,
715
1189
  code: VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY,
716
1190
  title: 'Missing Security Header - Referrer-Policy',
717
1191
  description: 'The application does not implement Referrer-Policy header, potentially leaking sensitive URL information including session tokens, user IDs, or query parameters to external sites when users click links or resources are loaded from third-party domains.',
718
1192
  severity: 'low',
1193
+ levelId: 4,
719
1194
  category: 'configuration',
720
1195
  scanner: 'security-headers',
721
1196
  cvss: {
@@ -732,11 +1207,12 @@ export const CONFIG_VULNERABILITIES = {
732
1207
  remediation: 'Implement Referrer-Policy header with strict-origin-when-cross-origin or no-referrer policy. Avoid passing sensitive data in URLs. Use POST requests for sensitive operations.',
733
1208
  },
734
1209
  [VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE]: {
735
- id: 1010,
1210
+ id: 254,
736
1211
  code: VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE,
737
1212
  title: 'Unsafe Referrer-Policy Configuration',
738
1213
  description: 'The Referrer-Policy header is set to a permissive value that can leak full URLs and sensitive query parameters to external origins.',
739
1214
  severity: 'low',
1215
+ levelId: 4,
740
1216
  category: 'configuration',
741
1217
  scanner: 'security-headers',
742
1218
  cvss: {
@@ -753,11 +1229,12 @@ export const CONFIG_VULNERABILITIES = {
753
1229
  remediation: 'Use strict-origin-when-cross-origin or no-referrer to minimize leakage of sensitive URL data.',
754
1230
  },
755
1231
  [VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY]: {
756
- id: 86,
1232
+ id: 255,
757
1233
  code: VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY,
758
1234
  title: 'Missing Security Header - Permissions-Policy',
759
1235
  description: 'The application does not implement Permissions-Policy (formerly Feature-Policy) header, allowing embedded frames or malicious scripts to access sensitive browser features like camera, microphone, geolocation, or payment APIs without explicit permission.',
760
1236
  severity: 'info',
1237
+ levelId: 5,
761
1238
  category: 'configuration',
762
1239
  scanner: 'security-headers',
763
1240
  cvss: {
@@ -774,11 +1251,12 @@ export const CONFIG_VULNERABILITIES = {
774
1251
  remediation: 'Add Permissions-Policy header restricting access to sensitive features. Disable features not needed by the application. Use () syntax to disallow features for all origins.',
775
1252
  },
776
1253
  [VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION]: {
777
- id: 87,
1254
+ id: 256,
778
1255
  code: VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION,
779
1256
  title: 'Missing Security Header - X-XSS-Protection',
780
1257
  description: 'The legacy X-XSS-Protection header is not set. While deprecated in modern browsers, it can provide defense-in-depth for older browsers that still honor this header for their built-in XSS auditor feature.',
781
1258
  severity: 'info',
1259
+ levelId: 5,
782
1260
  category: 'configuration',
783
1261
  scanner: 'security-headers',
784
1262
  cvss: {
@@ -795,11 +1273,12 @@ export const CONFIG_VULNERABILITIES = {
795
1273
  remediation: 'Set X-XSS-Protection: 0 to disable (recommended per OWASP) or use CSP instead. The XSS auditor has been removed from modern browsers due to security issues with block mode.',
796
1274
  },
797
1275
  [VulnerabilityCode.HEADER_COEP_WITHOUT_COOP]: {
798
- id: 108,
1276
+ id: 257,
799
1277
  code: VulnerabilityCode.HEADER_COEP_WITHOUT_COOP,
800
1278
  title: 'Header Misconfiguration - COEP Without COOP',
801
1279
  description: 'Cross-Origin-Embedder-Policy (COEP) is set without Cross-Origin-Opener-Policy (COOP), which can create inconsistent cross-origin isolation behavior and indicate incomplete or misapplied security header strategy for isolation-sensitive applications.',
802
1280
  severity: 'info',
1281
+ levelId: 5,
803
1282
  category: 'configuration',
804
1283
  scanner: 'security-headers',
805
1284
  cvss: {
@@ -816,11 +1295,12 @@ export const CONFIG_VULNERABILITIES = {
816
1295
  remediation: 'If cross-origin isolation is required, deploy COEP together with COOP and validate the intended policy combination. Otherwise remove COEP to avoid confusing or inconsistent isolation posture.',
817
1296
  },
818
1297
  [VulnerabilityCode.HEADER_CORP_UNUSUAL]: {
819
- id: 109,
1298
+ id: 258,
820
1299
  code: VulnerabilityCode.HEADER_CORP_UNUSUAL,
821
1300
  title: 'Header Misconfiguration - Unusual CORP Value',
822
1301
  description: 'Cross-Origin-Resource-Policy (CORP) is set to a non-standard value, which may indicate a misconfiguration that provides no effective protection or creates unpredictable resource loading behavior across origins.',
823
1302
  severity: 'info',
1303
+ levelId: 5,
824
1304
  category: 'configuration',
825
1305
  scanner: 'security-headers',
826
1306
  cvss: {
@@ -837,11 +1317,12 @@ export const CONFIG_VULNERABILITIES = {
837
1317
  remediation: 'Use valid CORP values (same-origin, same-site, or cross-origin) and confirm the chosen policy aligns with the resource sharing model of the application.',
838
1318
  },
839
1319
  [VulnerabilityCode.HEADER_EXPECT_CT_PRESENT]: {
840
- id: 110,
1320
+ id: 259,
841
1321
  code: VulnerabilityCode.HEADER_EXPECT_CT_PRESENT,
842
1322
  title: 'Deprecated Header - Expect-CT Present',
843
1323
  description: 'The Expect-CT header is present even though the feature is deprecated and no longer enforced by major browsers, adding unnecessary configuration surface without meaningful security benefit.',
844
1324
  severity: 'info',
1325
+ levelId: 5,
845
1326
  category: 'configuration',
846
1327
  scanner: 'security-headers',
847
1328
  cvss: {
@@ -858,11 +1339,12 @@ export const CONFIG_VULNERABILITIES = {
858
1339
  remediation: 'Remove Expect-CT unless you have a legacy operational requirement, and focus on TLS configuration and certificate transparency monitoring via modern tooling.',
859
1340
  },
860
1341
  [VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT]: {
861
- id: 111,
1342
+ id: 260,
862
1343
  code: VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT,
863
1344
  title: 'Information Exposure - Server Header Present',
864
1345
  description: 'The Server header reveals technology or version details that can assist attackers with fingerprinting and targeted exploitation, increasing the likelihood of tailored attacks against known software weaknesses.',
865
1346
  severity: 'info',
1347
+ levelId: 5,
866
1348
  category: 'configuration',
867
1349
  scanner: 'security-headers',
868
1350
  cvss: {
@@ -879,11 +1361,12 @@ export const CONFIG_VULNERABILITIES = {
879
1361
  remediation: 'Configure the web server or reverse proxy to minimize or remove Server header details and avoid exposing version strings in responses.',
880
1362
  },
881
1363
  [VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT]: {
882
- id: 112,
1364
+ id: 261,
883
1365
  code: VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT,
884
1366
  title: 'Information Exposure - X-Powered-By Present',
885
1367
  description: 'The X-Powered-By header discloses framework or runtime information that can be used to fingerprint the application stack and target known vulnerabilities in specific platforms or versions.',
886
1368
  severity: 'info',
1369
+ levelId: 5,
887
1370
  category: 'configuration',
888
1371
  scanner: 'security-headers',
889
1372
  cvss: {
@@ -900,11 +1383,12 @@ export const CONFIG_VULNERABILITIES = {
900
1383
  remediation: 'Disable X-Powered-By headers in application frameworks or reverse proxies to reduce stack fingerprinting exposure.',
901
1384
  },
902
1385
  [VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED]: {
903
- id: 113,
1386
+ id: 262,
904
1387
  code: VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED,
905
1388
  title: 'Deprecated Header - X-XSS-Protection Enabled',
906
1389
  description: 'The X-XSS-Protection header is enabled, which is deprecated and can introduce security risks or inconsistent behavior in legacy browsers due to the removed XSS auditor feature.',
907
1390
  severity: 'low',
1391
+ levelId: 4,
908
1392
  category: 'configuration',
909
1393
  scanner: 'security-headers',
910
1394
  cvss: {
@@ -921,11 +1405,12 @@ export const CONFIG_VULNERABILITIES = {
921
1405
  remediation: 'Prefer modern CSP protections and set X-XSS-Protection: 0 or remove the header to avoid relying on deprecated behavior.',
922
1406
  },
923
1407
  [VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE]: {
924
- id: 114,
1408
+ id: 263,
925
1409
  code: VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE,
926
1410
  title: 'Cookie Misconfiguration - SameSite=None Without Secure',
927
1411
  description: 'A cookie is configured with SameSite=None but lacks the Secure attribute, enabling cross-site transmission over unencrypted connections and undermining cookie integrity and confidentiality controls.',
928
1412
  severity: 'medium',
1413
+ levelId: 3,
929
1414
  category: 'configuration',
930
1415
  scanner: 'security-headers',
931
1416
  cvss: {
@@ -942,11 +1427,12 @@ export const CONFIG_VULNERABILITIES = {
942
1427
  remediation: 'Set Secure when SameSite=None is used and ensure the application is served exclusively over HTTPS.',
943
1428
  },
944
1429
  [VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE]: {
945
- id: 115,
1430
+ id: 264,
946
1431
  code: VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE,
947
1432
  title: 'Cookie Misconfiguration - Session Cookie Missing Secure',
948
1433
  description: 'Session or authentication cookies are missing the Secure attribute, allowing them to be transmitted over unencrypted connections and increasing the risk of session hijacking or credential theft.',
949
1434
  severity: 'high',
1435
+ levelId: 2,
950
1436
  category: 'configuration',
951
1437
  scanner: 'security-headers',
952
1438
  cvss: {
@@ -963,11 +1449,12 @@ export const CONFIG_VULNERABILITIES = {
963
1449
  remediation: 'Apply the Secure attribute to all session cookies and enforce HTTPS with HSTS to prevent downgrade to plaintext.',
964
1450
  },
965
1451
  [VulnerabilityCode.COOKIE_MISSING_SECURE]: {
966
- id: 116,
1452
+ id: 265,
967
1453
  code: VulnerabilityCode.COOKIE_MISSING_SECURE,
968
1454
  title: 'Cookie Misconfiguration - Missing Secure Attribute',
969
1455
  description: 'Cookies are set without the Secure attribute, permitting transmission over plaintext HTTP and exposing cookie contents to network interception or manipulation.',
970
1456
  severity: 'medium',
1457
+ levelId: 3,
971
1458
  category: 'configuration',
972
1459
  scanner: 'security-headers',
973
1460
  cvss: {
@@ -984,11 +1471,12 @@ export const CONFIG_VULNERABILITIES = {
984
1471
  remediation: 'Set the Secure attribute on cookies that should only be transmitted over HTTPS.',
985
1472
  },
986
1473
  [VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY]: {
987
- id: 117,
1474
+ id: 266,
988
1475
  code: VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY,
989
1476
  title: 'Cookie Misconfiguration - Session Cookie Missing HttpOnly',
990
1477
  description: 'Session or authentication cookies are missing the HttpOnly attribute, allowing client-side scripts to access sensitive cookie values and increasing the impact of XSS attacks.',
991
1478
  severity: 'high',
1479
+ levelId: 2,
992
1480
  category: 'configuration',
993
1481
  scanner: 'security-headers',
994
1482
  cvss: {
@@ -1005,11 +1493,12 @@ export const CONFIG_VULNERABILITIES = {
1005
1493
  remediation: 'Set HttpOnly on session cookies to reduce access from client-side scripts and pair with CSP to mitigate XSS risk.',
1006
1494
  },
1007
1495
  [VulnerabilityCode.COOKIE_MISSING_HTTPONLY]: {
1008
- id: 118,
1496
+ id: 267,
1009
1497
  code: VulnerabilityCode.COOKIE_MISSING_HTTPONLY,
1010
1498
  title: 'Cookie Misconfiguration - Missing HttpOnly Attribute',
1011
1499
  description: 'Cookies are missing the HttpOnly attribute, allowing JavaScript access to cookie values and increasing the potential impact of client-side script injection.',
1012
1500
  severity: 'medium',
1501
+ levelId: 3,
1013
1502
  category: 'configuration',
1014
1503
  scanner: 'security-headers',
1015
1504
  cvss: {
@@ -1026,11 +1515,12 @@ export const CONFIG_VULNERABILITIES = {
1026
1515
  remediation: 'Add HttpOnly to cookies that should not be accessed by JavaScript to reduce the impact of XSS.',
1027
1516
  },
1028
1517
  [VulnerabilityCode.COOKIE_MISSING_SAMESITE]: {
1029
- id: 119,
1518
+ id: 268,
1030
1519
  code: VulnerabilityCode.COOKIE_MISSING_SAMESITE,
1031
1520
  title: 'Cookie Misconfiguration - Missing SameSite Attribute',
1032
1521
  description: 'Cookies do not specify SameSite, which can allow cross-site requests to include cookies by default and increase exposure to CSRF-style attacks or cross-site leakage.',
1033
1522
  severity: 'medium',
1523
+ levelId: 3,
1034
1524
  category: 'configuration',
1035
1525
  scanner: 'security-headers',
1036
1526
  cvss: {
@@ -1047,11 +1537,12 @@ export const CONFIG_VULNERABILITIES = {
1047
1537
  remediation: 'Set SameSite=Lax for general cookies or SameSite=Strict where appropriate to reduce cross-site cookie inclusion.',
1048
1538
  },
1049
1539
  [VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID]: {
1050
- id: 120,
1540
+ id: 269,
1051
1541
  code: VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID,
1052
1542
  title: 'Cookie Misconfiguration - __Host- Prefix Violations',
1053
1543
  description: 'Cookies with the __Host- prefix do not meet required attributes (Secure, Path=/, no Domain), weakening the protections provided by host-only cookie semantics.',
1054
1544
  severity: 'medium',
1545
+ levelId: 3,
1055
1546
  category: 'configuration',
1056
1547
  scanner: 'security-headers',
1057
1548
  cvss: {
@@ -1068,11 +1559,12 @@ export const CONFIG_VULNERABILITIES = {
1068
1559
  remediation: 'Ensure __Host- cookies include Secure, Path=/, and omit the Domain attribute to preserve host-only guarantees.',
1069
1560
  },
1070
1561
  [VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID]: {
1071
- id: 121,
1562
+ id: 270,
1072
1563
  code: VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID,
1073
1564
  title: 'Cookie Misconfiguration - __Secure- Prefix Violations',
1074
1565
  description: 'Cookies with the __Secure- prefix are missing the Secure attribute, which defeats the prefix requirement and weakens transport security protections.',
1075
1566
  severity: 'medium',
1567
+ levelId: 3,
1076
1568
  category: 'configuration',
1077
1569
  scanner: 'security-headers',
1078
1570
  cvss: {
@@ -1089,11 +1581,12 @@ export const CONFIG_VULNERABILITIES = {
1089
1581
  remediation: 'Set the Secure attribute for all __Secure- cookies and ensure HTTPS is enforced across the application.',
1090
1582
  },
1091
1583
  [VulnerabilityCode.HEADER_DRIFT_CSP]: {
1092
- id: 122,
1584
+ id: 271,
1093
1585
  code: VulnerabilityCode.HEADER_DRIFT_CSP,
1094
1586
  title: 'Header Drift - Content-Security-Policy Inconsistent',
1095
1587
  description: 'Content-Security-Policy is present on some paths but missing on others, creating uneven defenses and potentially exposing unprotected routes to script injection or content loading risks.',
1096
1588
  severity: 'low',
1589
+ levelId: 4,
1097
1590
  category: 'configuration',
1098
1591
  scanner: 'security-headers',
1099
1592
  cvss: {
@@ -1110,11 +1603,12 @@ export const CONFIG_VULNERABILITIES = {
1110
1603
  remediation: 'Apply CSP consistently across relevant responses, including error and authentication pages, to avoid gaps in policy coverage.',
1111
1604
  },
1112
1605
  [VulnerabilityCode.HEADER_DRIFT_HSTS]: {
1113
- id: 123,
1606
+ id: 272,
1114
1607
  code: VulnerabilityCode.HEADER_DRIFT_HSTS,
1115
1608
  title: 'Header Drift - Strict-Transport-Security Inconsistent',
1116
1609
  description: 'Strict-Transport-Security is present on some paths but missing on others, reducing the effectiveness of HTTPS enforcement and creating mixed transport behavior across the site.',
1117
1610
  severity: 'low',
1611
+ levelId: 4,
1118
1612
  category: 'configuration',
1119
1613
  scanner: 'security-headers',
1120
1614
  cvss: {
@@ -1131,11 +1625,12 @@ export const CONFIG_VULNERABILITIES = {
1131
1625
  remediation: 'Ensure HSTS is set uniformly on HTTPS responses so the browser can enforce strict transport for the entire origin.',
1132
1626
  },
1133
1627
  [VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE]: {
1134
- id: 124,
1628
+ id: 273,
1135
1629
  code: VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE,
1136
1630
  title: 'Header Drift - X-Content-Type-Options Inconsistent',
1137
1631
  description: 'X-Content-Type-Options is present on some paths but missing on others, allowing inconsistent MIME sniffing behavior that could expose unprotected routes to content-type confusion.',
1138
1632
  severity: 'low',
1633
+ levelId: 4,
1139
1634
  category: 'configuration',
1140
1635
  scanner: 'security-headers',
1141
1636
  cvss: {
@@ -1152,11 +1647,12 @@ export const CONFIG_VULNERABILITIES = {
1152
1647
  remediation: 'Apply X-Content-Type-Options: nosniff across all relevant responses to avoid inconsistent browser behavior.',
1153
1648
  },
1154
1649
  [VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY]: {
1155
- id: 125,
1650
+ id: 274,
1156
1651
  code: VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY,
1157
1652
  title: 'Header Drift - Referrer-Policy Inconsistent',
1158
1653
  description: 'Referrer-Policy is present on some paths but missing on others, leading to inconsistent referrer leakage controls and potential exposure of sensitive URL data.',
1159
1654
  severity: 'low',
1655
+ levelId: 4,
1160
1656
  category: 'configuration',
1161
1657
  scanner: 'security-headers',
1162
1658
  cvss: {
@@ -1173,11 +1669,12 @@ export const CONFIG_VULNERABILITIES = {
1173
1669
  remediation: 'Set a consistent Referrer-Policy across responses to standardize referrer leakage controls.',
1174
1670
  },
1175
1671
  [VulnerabilityCode.HEADER_DRIFT_XFRAME]: {
1176
- id: 126,
1672
+ id: 275,
1177
1673
  code: VulnerabilityCode.HEADER_DRIFT_XFRAME,
1178
1674
  title: 'Header Drift - X-Frame-Options Inconsistent',
1179
1675
  description: 'X-Frame-Options or equivalent framing controls are present on some paths but missing on others, creating uneven clickjacking protection across the site.',
1180
1676
  severity: 'low',
1677
+ levelId: 4,
1181
1678
  category: 'configuration',
1182
1679
  scanner: 'security-headers',
1183
1680
  cvss: {
@@ -1194,11 +1691,12 @@ export const CONFIG_VULNERABILITIES = {
1194
1691
  remediation: 'Apply X-Frame-Options or CSP frame-ancestors consistently to avoid unprotected pages.',
1195
1692
  },
1196
1693
  [VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY]: {
1197
- id: 127,
1694
+ id: 276,
1198
1695
  code: VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY,
1199
1696
  title: 'Header Drift - Permissions-Policy Inconsistent',
1200
1697
  description: 'Permissions-Policy is present on some paths but missing on others, leading to inconsistent controls over browser features such as geolocation, camera, or microphone.',
1201
1698
  severity: 'low',
1699
+ levelId: 4,
1202
1700
  category: 'configuration',
1203
1701
  scanner: 'security-headers',
1204
1702
  cvss: {
@@ -1215,11 +1713,12 @@ export const CONFIG_VULNERABILITIES = {
1215
1713
  remediation: 'Apply Permissions-Policy consistently for pages that should restrict access to sensitive browser features.',
1216
1714
  },
1217
1715
  [VulnerabilityCode.HEADER_DRIFT_COOP]: {
1218
- id: 128,
1716
+ id: 277,
1219
1717
  code: VulnerabilityCode.HEADER_DRIFT_COOP,
1220
1718
  title: 'Header Drift - COOP Inconsistent',
1221
1719
  description: 'Cross-Origin-Opener-Policy is present on some paths but missing on others, which can lead to uneven cross-origin isolation guarantees and inconsistent window isolation behavior.',
1222
1720
  severity: 'low',
1721
+ levelId: 4,
1223
1722
  category: 'configuration',
1224
1723
  scanner: 'security-headers',
1225
1724
  cvss: {
@@ -1236,11 +1735,12 @@ export const CONFIG_VULNERABILITIES = {
1236
1735
  remediation: 'Apply COOP consistently where cross-origin isolation is required and validate the policy across all relevant routes.',
1237
1736
  },
1238
1737
  [VulnerabilityCode.HEADER_DRIFT_COEP]: {
1239
- id: 129,
1738
+ id: 278,
1240
1739
  code: VulnerabilityCode.HEADER_DRIFT_COEP,
1241
1740
  title: 'Header Drift - COEP Inconsistent',
1242
1741
  description: 'Cross-Origin-Embedder-Policy is present on some paths but missing on others, resulting in inconsistent embedding restrictions and cross-origin isolation posture.',
1243
1742
  severity: 'low',
1743
+ levelId: 4,
1244
1744
  category: 'configuration',
1245
1745
  scanner: 'security-headers',
1246
1746
  cvss: {
@@ -1257,11 +1757,12 @@ export const CONFIG_VULNERABILITIES = {
1257
1757
  remediation: 'Apply COEP consistently on routes that are intended to enforce cross-origin embedding controls.',
1258
1758
  },
1259
1759
  [VulnerabilityCode.HEADER_DRIFT_CORP]: {
1260
- id: 130,
1760
+ id: 279,
1261
1761
  code: VulnerabilityCode.HEADER_DRIFT_CORP,
1262
1762
  title: 'Header Drift - CORP Inconsistent',
1263
1763
  description: 'Cross-Origin-Resource-Policy is present on some paths but missing on others, which can leave inconsistent controls on resource sharing and embedding across the application.',
1264
1764
  severity: 'low',
1765
+ levelId: 4,
1265
1766
  category: 'configuration',
1266
1767
  scanner: 'security-headers',
1267
1768
  cvss: {