@zerothreatai/vulnerability-registry 3.0.0 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. package/dist/categories/authentication.js +34 -17
  2. package/dist/categories/configuration.js +561 -60
  3. package/dist/categories/injection.js +68 -34
  4. package/dist/categories/sensitive-paths.js +168 -84
  5. package/dist/categories/ssrf.js +22 -11
  6. package/dist/categories/xss.js +30 -15
  7. package/dist/category.d.ts +6 -0
  8. package/dist/category.js +15 -0
  9. package/dist/error-codes.d.ts +20 -0
  10. package/dist/error-codes.js +20 -0
  11. package/dist/index.d.ts +9 -1
  12. package/dist/index.js +5 -1
  13. package/dist/scanner.d.ts +6 -0
  14. package/dist/scanner.js +22 -0
  15. package/dist/types.d.ts +2 -0
  16. package/dist-cjs/categories/authentication.js +34 -17
  17. package/dist-cjs/categories/configuration.js +561 -60
  18. package/dist-cjs/categories/injection.js +68 -34
  19. package/dist-cjs/categories/sensitive-paths.js +168 -84
  20. package/dist-cjs/categories/ssrf.js +22 -11
  21. package/dist-cjs/categories/xss.js +30 -15
  22. package/dist-cjs/category.js +18 -0
  23. package/dist-cjs/error-codes.js +20 -0
  24. package/dist-cjs/index.js +7 -1
  25. package/dist-cjs/scanner.js +25 -0
  26. package/package.json +35 -32
  27. package/scripts/assign-ids.ts +105 -0
  28. package/scripts/check-duplicate-ids.ts +45 -0
  29. package/src/categories/authentication.ts +145 -128
  30. package/src/categories/configuration.ts +1632 -1111
  31. package/src/categories/injection.ts +158 -124
  32. package/src/categories/sensitive-paths.ts +168 -84
  33. package/src/categories/ssrf.ts +22 -11
  34. package/src/categories/xss.ts +30 -15
  35. package/src/category.ts +16 -0
  36. package/src/error-codes.ts +25 -5
  37. package/src/id-registry.json +1235 -0
  38. package/src/index.ts +20 -14
  39. package/src/scanner.ts +23 -0
  40. package/src/types.ts +4 -2
  41. package/zerothreatai-vulnerability-registry-4npm .0.0.tgz +0 -0
  42. package/src/categories/authentication.d.ts +0 -8
  43. package/src/categories/authentication.d.ts.map +0 -1
  44. package/src/categories/authentication.js +0 -378
  45. package/src/categories/authentication.js.map +0 -1
  46. package/src/categories/configuration.d.ts +0 -8
  47. package/src/categories/configuration.d.ts.map +0 -1
  48. package/src/categories/configuration.js +0 -906
  49. package/src/categories/configuration.js.map +0 -1
  50. package/src/categories/injection.d.ts +0 -8
  51. package/src/categories/injection.d.ts.map +0 -1
  52. package/src/categories/injection.js +0 -750
  53. package/src/categories/injection.js.map +0 -1
  54. package/src/categories/sensitive-paths.d.ts +0 -9
  55. package/src/categories/sensitive-paths.d.ts.map +0 -1
  56. package/src/categories/sensitive-paths.js +0 -1791
  57. package/src/categories/sensitive-paths.js.map +0 -1
  58. package/src/categories/ssrf.d.ts +0 -8
  59. package/src/categories/ssrf.d.ts.map +0 -1
  60. package/src/categories/ssrf.js +0 -250
  61. package/src/categories/ssrf.js.map +0 -1
  62. package/src/categories/xss.d.ts +0 -7
  63. package/src/categories/xss.d.ts.map +0 -1
  64. package/src/categories/xss.js +0 -328
  65. package/src/categories/xss.js.map +0 -1
  66. package/src/error-codes.d.ts +0 -242
  67. package/src/error-codes.d.ts.map +0 -1
  68. package/src/error-codes.js +0 -315
  69. package/src/error-codes.js.map +0 -1
  70. package/src/index.d.ts +0 -60
  71. package/src/index.d.ts.map +0 -1
  72. package/src/index.js +0 -107
  73. package/src/index.js.map +0 -1
  74. package/src/types.d.ts +0 -86
  75. package/src/types.d.ts.map +0 -1
  76. package/src/types.js +0 -7
  77. package/src/types.js.map +0 -1
package/dist-cjs/categories/configuration.js CHANGED
@@ -12,11 +12,12 @@ exports.CONFIG_VULNERABILITIES = {
12
12
  // SECURITY HEADERS
13
13
  // ========================================
14
14
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_CSP]: {
15
- id: 69,
15
+ id: 200,
16
16
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_CSP,
17
17
  title: 'Missing Security Header - Content-Security-Policy',
18
18
  description: 'The application does not implement Content-Security-Policy header, leaving it vulnerable to cross-site scripting attacks that could be mitigated by restricting the sources from which scripts, styles, and other resources can be loaded into the page.',
19
19
  severity: 'medium',
20
+ levelId: 3,
20
21
  category: 'configuration',
21
22
  scanner: 'security-headers',
22
23
  cvss: {
@@ -33,11 +34,12 @@ exports.CONFIG_VULNERABILITIES = {
33
34
  remediation: 'Implement Content-Security-Policy header with strict directives. Start with default-src self and progressively add required sources. Use nonce-based CSP for inline scripts.',
34
35
  },
35
36
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_HSTS]: {
36
- id: 70,
37
+ id: 201,
37
38
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_HSTS,
38
39
  title: 'Missing Security Header - Strict-Transport-Security',
39
40
  description: 'The application does not implement HSTS (HTTP Strict Transport Security) header, leaving users vulnerable to SSL stripping attacks and man-in-the-middle downgrades from HTTPS to HTTP connections on initial visits or after cookie expiration.',
40
41
  severity: 'medium',
42
+ levelId: 3,
41
43
  category: 'configuration',
42
44
  scanner: 'security-headers',
43
45
  cvss: {
@@ -54,11 +56,12 @@ exports.CONFIG_VULNERABILITIES = {
54
56
  remediation: 'Add Strict-Transport-Security header with max-age of at least 31536000 (1 year). Include includeSubDomains directive. Consider HSTS preloading for maximum protection.',
55
57
  },
56
58
  [error_codes_js_1.VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE]: {
57
- id: 1011,
59
+ id: 202,
58
60
  code: error_codes_js_1.VulnerabilityCode.HEADER_HSTS_BAD_MAX_AGE,
59
61
  title: 'HSTS Misconfiguration - Invalid Max-Age',
60
62
  description: 'The Strict-Transport-Security header uses an invalid or malformed max-age value, preventing reliable HTTPS enforcement.',
61
63
  severity: 'medium',
64
+ levelId: 3,
62
65
  category: 'configuration',
63
66
  scanner: 'security-headers',
64
67
  cvss: {
@@ -75,11 +78,12 @@ exports.CONFIG_VULNERABILITIES = {
75
78
  remediation: 'Set a valid numeric max-age on Strict-Transport-Security (at least 31536000).',
76
79
  },
77
80
  [error_codes_js_1.VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE]: {
78
- id: 1012,
81
+ id: 203,
79
82
  code: error_codes_js_1.VulnerabilityCode.HEADER_HSTS_SHORT_MAX_AGE,
80
83
  title: 'HSTS Misconfiguration - Max-Age Too Short',
81
84
  description: 'The Strict-Transport-Security header uses a short max-age value that weakens HTTPS enforcement and allows downgrade risk to return quickly.',
82
85
  severity: 'medium',
86
+ levelId: 3,
83
87
  category: 'configuration',
84
88
  scanner: 'security-headers',
85
89
  cvss: {
@@ -96,11 +100,12 @@ exports.CONFIG_VULNERABILITIES = {
96
100
  remediation: 'Increase max-age to at least 31536000 (1 year) to provide durable HTTPS enforcement.',
97
101
  },
98
102
  [error_codes_js_1.VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS]: {
99
- id: 1013,
103
+ id: 204,
100
104
  code: error_codes_js_1.VulnerabilityCode.HEADER_HSTS_NO_INCLUDESUBDOMAINS,
101
105
  title: 'HSTS Misconfiguration - Missing includeSubDomains',
102
106
  description: 'The Strict-Transport-Security header is missing includeSubDomains, leaving subdomains unprotected from downgrade and stripping attacks.',
103
107
  severity: 'medium',
108
+ levelId: 3,
104
109
  category: 'configuration',
105
110
  scanner: 'security-headers',
106
111
  cvss: {
@@ -117,11 +122,12 @@ exports.CONFIG_VULNERABILITIES = {
117
122
  remediation: 'Add includeSubDomains to the HSTS header to protect all subdomains.',
118
123
  },
119
124
  [error_codes_js_1.VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE]: {
120
- id: 1018,
125
+ id: 205,
121
126
  code: error_codes_js_1.VulnerabilityCode.HEADER_HSTS_PRELOAD_LOW_MAX_AGE,
122
127
  title: 'HSTS Preload Requirements Not Met',
123
128
  description: 'The HSTS header indicates preload intent but does not meet preload requirements, such as a sufficiently long max-age or includeSubDomains, reducing preload effectiveness.',
124
129
  severity: 'medium',
130
+ levelId: 3,
125
131
  category: 'configuration',
126
132
  scanner: 'security-headers',
127
133
  cvss: {
@@ -138,11 +144,12 @@ exports.CONFIG_VULNERABILITIES = {
138
144
  remediation: 'Ensure HSTS max-age is at least 31536000, include includeSubDomains, and add preload before submitting to the preload list.',
139
145
  },
140
146
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XFRAME]: {
141
- id: 71,
147
+ id: 206,
142
148
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XFRAME,
143
149
  title: 'Missing Security Header - X-Frame-Options',
144
150
  description: 'The application does not set X-Frame-Options header, making it vulnerable to clickjacking attacks where malicious websites can embed the application in invisible iframes and trick users into performing unintended actions through deceptive UI overlays.',
145
151
  severity: 'medium',
152
+ levelId: 3,
146
153
  category: 'configuration',
147
154
  scanner: 'security-headers',
148
155
  cvss: {
@@ -159,11 +166,12 @@ exports.CONFIG_VULNERABILITIES = {
159
166
  remediation: 'Set X-Frame-Options header to DENY or SAMEORIGIN. Use Content-Security-Policy frame-ancestors directive for more granular control. Both headers can be used together for compatibility.',
160
167
  },
161
168
  [error_codes_js_1.VulnerabilityCode.HEADER_WEAK_CSP]: {
162
- id: 72,
169
+ id: 207,
163
170
  code: error_codes_js_1.VulnerabilityCode.HEADER_WEAK_CSP,
164
171
  title: 'Weak Content-Security-Policy Configuration',
165
172
  description: 'The Content-Security-Policy header contains unsafe directives like unsafe-inline, unsafe-eval, or overly permissive source allowlists that significantly reduce its effectiveness as an XSS mitigation and may create false sense of security.',
166
173
  severity: 'medium',
174
+ levelId: 3,
167
175
  category: 'configuration',
168
176
  scanner: 'security-headers',
169
177
  cvss: {
@@ -180,11 +188,12 @@ exports.CONFIG_VULNERABILITIES = {
180
188
  remediation: 'Remove unsafe-inline and unsafe-eval directives. Use nonce-based or hash-based CSP for inline scripts. Restrict source allowlists to specific trusted domains rather than wildcards.',
181
189
  },
182
190
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_REPORT_ONLY]: {
183
- id: 1001,
191
+ id: 208,
184
192
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_REPORT_ONLY,
185
193
  title: 'Content-Security-Policy Report-Only Enabled',
186
194
  description: 'The Content-Security-Policy header is deployed in report-only mode, which does not enforce protections and allows unsafe content to execute while only logging violations.',
187
195
  severity: 'medium',
196
+ levelId: 3,
188
197
  category: 'configuration',
189
198
  scanner: 'security-headers',
190
199
  cvss: {
@@ -201,11 +210,12 @@ exports.CONFIG_VULNERABILITIES = {
201
210
  remediation: 'Switch to enforcing Content-Security-Policy once violations are reviewed. Use report-only during rollout, then enforce with strict directives.',
202
211
  },
203
212
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES]: {
204
- id: 1002,
213
+ id: 209,
205
214
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_WEAK_DIRECTIVES,
206
215
  title: 'Content-Security-Policy Contains Unsafe Directives',
207
216
  description: 'The Content-Security-Policy header includes unsafe directives such as unsafe-inline or unsafe-eval that reduce XSS protection and allow risky script execution paths.',
208
217
  severity: 'medium',
218
+ levelId: 3,
209
219
  category: 'configuration',
210
220
  scanner: 'security-headers',
211
221
  cvss: {
@@ -222,11 +232,12 @@ exports.CONFIG_VULNERABILITIES = {
222
232
  remediation: 'Remove unsafe-inline and unsafe-eval directives. Replace inline scripts with nonces or hashes and restrict sources to trusted domains.',
223
233
  },
224
234
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT]: {
225
- id: 1003,
235
+ id: 210,
226
236
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_DATA_URI_SCRIPT,
227
237
  title: 'Content-Security-Policy Allows data: in script-src',
228
238
  description: 'The CSP allows data: URIs for script execution, which can enable script injection through crafted data URLs and weaken XSS protections.',
229
239
  severity: 'medium',
240
+ levelId: 3,
230
241
  category: 'configuration',
231
242
  scanner: 'security-headers',
232
243
  cvss: {
@@ -243,11 +254,12 @@ exports.CONFIG_VULNERABILITIES = {
243
254
  remediation: 'Remove data: from script-src. Use nonce or hash-based CSP for any required inline scripts.',
244
255
  },
245
256
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT]: {
246
- id: 1004,
257
+ id: 211,
247
258
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_BLOB_URI_SCRIPT,
248
259
  title: 'Content-Security-Policy Allows blob: in script-src',
249
260
  description: 'The CSP allows blob: URIs for script execution, which can be abused to load attacker-controlled scripts in some contexts and weaken XSS mitigations.',
250
261
  severity: 'medium',
262
+ levelId: 3,
251
263
  category: 'configuration',
252
264
  scanner: 'security-headers',
253
265
  cvss: {
@@ -264,11 +276,12 @@ exports.CONFIG_VULNERABILITIES = {
264
276
  remediation: 'Remove blob: from script-src unless strictly required. Use a narrower allowlist or nonces for trusted scripts.',
265
277
  },
266
278
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT]: {
267
- id: 1005,
279
+ id: 212,
268
280
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_WILDCARD_DEFAULT,
269
281
  title: 'Content-Security-Policy default-src Uses Wildcard',
270
282
  description: 'The CSP default-src directive allows all origins, which effectively disables the protection and allows untrusted content to load.',
271
283
  severity: 'medium',
284
+ levelId: 3,
272
285
  category: 'configuration',
273
286
  scanner: 'security-headers',
274
287
  cvss: {
@@ -285,11 +298,12 @@ exports.CONFIG_VULNERABILITIES = {
285
298
  remediation: 'Replace wildcard default-src with explicit trusted origins and tighten resource-specific directives.',
286
299
  },
287
300
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_BASE_URI]: {
288
- id: 1006,
301
+ id: 213,
289
302
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_BASE_URI,
290
303
  title: 'Content-Security-Policy Missing base-uri Directive',
291
304
  description: 'The CSP does not include a base-uri directive, allowing the base URL to be set by injected markup and enabling abuse of relative URL resolution.',
292
305
  severity: 'medium',
306
+ levelId: 3,
293
307
  category: 'configuration',
294
308
  scanner: 'security-headers',
295
309
  cvss: {
@@ -306,11 +320,12 @@ exports.CONFIG_VULNERABILITIES = {
306
320
  remediation: 'Add base-uri \'self\' (or a strict allowlist) to CSP to prevent base tag abuse.',
307
321
  },
308
322
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC]: {
309
- id: 1007,
323
+ id: 214,
310
324
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_OBJECT_SRC,
311
325
  title: 'Content-Security-Policy Missing object-src Directive',
312
326
  description: 'The CSP does not include an object-src directive, allowing embedded objects to load from arbitrary origins and weakening defense-in-depth against plugin-based risks.',
313
327
  severity: 'medium',
328
+ levelId: 3,
314
329
  category: 'configuration',
315
330
  scanner: 'security-headers',
316
331
  cvss: {
@@ -327,11 +342,12 @@ exports.CONFIG_VULNERABILITIES = {
327
342
  remediation: 'Add object-src \'none\' (or a strict allowlist) to CSP to prevent plugin content loading.',
328
343
  },
329
344
  [error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS]: {
330
- id: 1008,
345
+ id: 215,
331
346
  code: error_codes_js_1.VulnerabilityCode.HEADER_CSP_NO_FRAME_ANCESTORS,
332
347
  title: 'Content-Security-Policy Missing frame-ancestors Directive',
333
348
  description: 'The CSP does not include a frame-ancestors directive, leaving pages potentially frameable and vulnerable to clickjacking attacks.',
334
349
  severity: 'medium',
350
+ levelId: 3,
335
351
  category: 'configuration',
336
352
  scanner: 'security-headers',
337
353
  cvss: {
@@ -348,11 +364,12 @@ exports.CONFIG_VULNERABILITIES = {
348
364
  remediation: 'Add frame-ancestors \'none\' or a strict allowlist to CSP to prevent clickjacking.',
349
365
  },
350
366
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_MISCONFIGURED]: {
351
- id: 73,
367
+ id: 216,
352
368
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_MISCONFIGURED,
353
369
  title: 'CORS Misconfiguration',
354
370
  description: 'Cross-Origin Resource Sharing is misconfigured with overly permissive Access-Control-Allow-Origin headers including wildcard (*) with credentials, or dynamic reflection of Origin header without proper validation, enabling cross-origin data theft.',
355
371
  severity: 'high',
372
+ levelId: 2,
356
373
  category: 'configuration',
357
374
  scanner: 'security-headers',
358
375
  cvss: {
@@ -369,11 +386,12 @@ exports.CONFIG_VULNERABILITIES = {
369
386
  remediation: 'Implement strict Origin validation with allowlist of trusted domains. Never reflect Origin header without validation. Do not use wildcard with Access-Control-Allow-Credentials.',
370
387
  },
371
388
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS]: {
372
- id: 1014,
389
+ id: 217,
373
390
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_STAR_WITH_CREDENTIALS,
374
391
  title: 'CORS Wildcard With Credentials',
375
392
  description: 'Access-Control-Allow-Origin is set to * while Access-Control-Allow-Credentials is enabled, which browsers block but signals a dangerous CORS policy that can be misapplied in some environments.',
376
393
  severity: 'high',
394
+ levelId: 2,
377
395
  category: 'configuration',
378
396
  scanner: 'security-headers',
379
397
  cvss: {
@@ -390,11 +408,12 @@ exports.CONFIG_VULNERABILITIES = {
390
408
  remediation: 'Never use wildcard origins with credentials. Replace * with an explicit allowlist and set Vary: Origin.',
391
409
  },
392
410
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY]: {
393
- id: 1015,
411
+ id: 218,
394
412
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_ORIGIN_REFLECT_NO_VARY,
395
413
  title: 'CORS Origin Reflection Without Vary',
396
414
  description: 'The Origin header is reflected in Access-Control-Allow-Origin without Vary: Origin, which can lead to cache poisoning and unintended cross-origin access.',
397
415
  severity: 'high',
416
+ levelId: 2,
398
417
  category: 'configuration',
399
418
  scanner: 'security-headers',
400
419
  cvss: {
@@ -411,11 +430,12 @@ exports.CONFIG_VULNERABILITIES = {
411
430
  remediation: 'Validate origins against an allowlist and always include Vary: Origin when dynamically setting Access-Control-Allow-Origin.',
412
431
  },
413
432
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_NULL_ORIGIN]: {
414
- id: 1016,
433
+ id: 219,
415
434
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_NULL_ORIGIN,
416
435
  title: 'CORS Allows Null Origin',
417
436
  description: 'Access-Control-Allow-Origin allows the null origin, enabling requests from opaque origins such as sandboxed iframes and file URLs that can be abused to access sensitive data.',
418
437
  severity: 'high',
438
+ levelId: 2,
419
439
  category: 'configuration',
420
440
  scanner: 'security-headers',
421
441
  cvss: {
@@ -432,11 +452,12 @@ exports.CONFIG_VULNERABILITIES = {
432
452
  remediation: 'Remove null from allowed origins. Restrict CORS to explicit trusted domains only.',
433
453
  },
434
454
  [error_codes_js_1.VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN]: {
435
- id: 1017,
455
+ id: 220,
436
456
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORS_WILDCARD_SUBDOMAIN,
437
457
  title: 'CORS Allows Wildcard Subdomains',
438
458
  description: 'CORS policies allow wildcard subdomains that can be abused if any subdomain is compromised or can be controlled by untrusted parties.',
439
459
  severity: 'high',
460
+ levelId: 2,
440
461
  category: 'configuration',
441
462
  scanner: 'security-headers',
442
463
  cvss: {
@@ -455,12 +476,454 @@ exports.CONFIG_VULNERABILITIES = {
455
476
  // ========================================
456
477
  // DIRECTORY BROWSING
457
478
  // ========================================
479
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC]: {
480
+ id: 221,
481
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC,
482
+ title: 'Directory Listing Enabled (Generic)',
483
+ description: 'Directory listing is enabled and exposes directory contents to unauthenticated visitors, revealing application structure and file names.',
484
+ severity: 'low',
485
+ levelId: 4,
486
+ category: 'configuration',
487
+ scanner: 'directory-browsing',
488
+ cvss: {
489
+ score: 3.7,
490
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
491
+ severity: 'LOW',
492
+ },
493
+ cwe: [
494
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
495
+ ],
496
+ owasp: [
497
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
498
+ ],
499
+ remediation: 'Disable directory listing in the web server configuration and ensure directories have index files.',
500
+ },
501
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE]: {
502
+ id: 222,
503
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GENERIC_SENSITIVE,
504
+ title: 'Directory Listing Exposing Sensitive Content (Generic)',
505
+ description: 'Directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
506
+ severity: 'medium',
507
+ levelId: 3,
508
+ category: 'configuration',
509
+ scanner: 'directory-browsing',
510
+ cvss: {
511
+ score: 5.3,
512
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
513
+ severity: 'MEDIUM',
514
+ },
515
+ cwe: [
516
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
517
+ ],
518
+ owasp: [
519
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
520
+ ],
521
+ remediation: 'Disable directory listing and remove sensitive files from web-accessible directories.',
522
+ },
523
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE]: {
524
+ id: 223,
525
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE,
526
+ title: 'Apache Autoindex Enabled',
527
+ description: 'Apache autoindex is enabled, exposing directory contents to unauthenticated visitors.',
528
+ severity: 'low',
529
+ levelId: 4,
530
+ category: 'configuration',
531
+ scanner: 'directory-browsing',
532
+ cvss: {
533
+ score: 3.7,
534
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
535
+ severity: 'LOW',
536
+ },
537
+ cwe: [
538
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
539
+ ],
540
+ owasp: [
541
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
542
+ ],
543
+ remediation: 'Disable autoindex in Apache (Options -Indexes) and add index files.',
544
+ },
545
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE]: {
546
+ id: 224,
547
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_APACHE_SENSITIVE,
548
+ title: 'Apache Autoindex Exposing Sensitive Content',
549
+ description: 'Apache autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
550
+ severity: 'medium',
551
+ levelId: 3,
552
+ category: 'configuration',
553
+ scanner: 'directory-browsing',
554
+ cvss: {
555
+ score: 5.3,
556
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
557
+ severity: 'MEDIUM',
558
+ },
559
+ cwe: [
560
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
561
+ ],
562
+ owasp: [
563
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
564
+ ],
565
+ remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
566
+ },
567
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX]: {
568
+ id: 225,
569
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX,
570
+ title: 'Nginx Autoindex Enabled',
571
+ description: 'Nginx autoindex is enabled, exposing directory contents to unauthenticated visitors.',
572
+ severity: 'low',
573
+ levelId: 4,
574
+ category: 'configuration',
575
+ scanner: 'directory-browsing',
576
+ cvss: {
577
+ score: 3.7,
578
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
579
+ severity: 'LOW',
580
+ },
581
+ cwe: [
582
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
583
+ ],
584
+ owasp: [
585
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
586
+ ],
587
+ remediation: 'Disable autoindex in nginx (autoindex off) and add index files.',
588
+ },
589
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE]: {
590
+ id: 226,
591
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_NGINX_SENSITIVE,
592
+ title: 'Nginx Autoindex Exposing Sensitive Content',
593
+ description: 'Nginx autoindex is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
594
+ severity: 'medium',
595
+ levelId: 3,
596
+ category: 'configuration',
597
+ scanner: 'directory-browsing',
598
+ cvss: {
599
+ score: 5.3,
600
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
601
+ severity: 'MEDIUM',
602
+ },
603
+ cwe: [
604
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
605
+ ],
606
+ owasp: [
607
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
608
+ ],
609
+ remediation: 'Disable autoindex and remove sensitive files from web-accessible directories.',
610
+ },
611
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS]: {
612
+ id: 227,
613
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS,
614
+ title: 'IIS Directory Browsing Enabled',
615
+ description: 'IIS directory browsing is enabled, exposing directory contents to unauthenticated visitors.',
616
+ severity: 'low',
617
+ levelId: 4,
618
+ category: 'configuration',
619
+ scanner: 'directory-browsing',
620
+ cvss: {
621
+ score: 3.7,
622
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
623
+ severity: 'LOW',
624
+ },
625
+ cwe: [
626
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
627
+ ],
628
+ owasp: [
629
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
630
+ ],
631
+ remediation: 'Disable directory browsing in IIS and ensure directories have index files.',
632
+ },
633
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE]: {
634
+ id: 228,
635
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_IIS_SENSITIVE,
636
+ title: 'IIS Directory Browsing Exposing Sensitive Content',
637
+ description: 'IIS directory browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
638
+ severity: 'medium',
639
+ levelId: 3,
640
+ category: 'configuration',
641
+ scanner: 'directory-browsing',
642
+ cvss: {
643
+ score: 5.3,
644
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
645
+ severity: 'MEDIUM',
646
+ },
647
+ cwe: [
648
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
649
+ ],
650
+ owasp: [
651
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
652
+ ],
653
+ remediation: 'Disable directory browsing and remove sensitive files from web-accessible directories.',
654
+ },
655
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT]: {
656
+ id: 229,
657
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT,
658
+ title: 'Tomcat Directory Listing Enabled',
659
+ description: 'Tomcat directory listing is enabled, exposing directory contents to unauthenticated visitors.',
660
+ severity: 'low',
661
+ levelId: 4,
662
+ category: 'configuration',
663
+ scanner: 'directory-browsing',
664
+ cvss: {
665
+ score: 3.7,
666
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
667
+ severity: 'LOW',
668
+ },
669
+ cwe: [
670
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
671
+ ],
672
+ owasp: [
673
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
674
+ ],
675
+ remediation: 'Disable directory listings in Tomcat and add index files to web directories.',
676
+ },
677
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE]: {
678
+ id: 230,
679
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_TOMCAT_SENSITIVE,
680
+ title: 'Tomcat Directory Listing Exposing Sensitive Content',
681
+ description: 'Tomcat directory listing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
682
+ severity: 'medium',
683
+ levelId: 3,
684
+ category: 'configuration',
685
+ scanner: 'directory-browsing',
686
+ cvss: {
687
+ score: 5.3,
688
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
689
+ severity: 'MEDIUM',
690
+ },
691
+ cwe: [
692
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
693
+ ],
694
+ owasp: [
695
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
696
+ ],
697
+ remediation: 'Disable directory listings and remove sensitive files from web-accessible directories.',
698
+ },
699
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY]: {
700
+ id: 231,
701
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY,
702
+ title: 'Caddy File Server Browsing Enabled',
703
+ description: 'Caddy file server browsing is enabled, exposing directory contents to unauthenticated visitors.',
704
+ severity: 'low',
705
+ levelId: 4,
706
+ category: 'configuration',
707
+ scanner: 'directory-browsing',
708
+ cvss: {
709
+ score: 3.7,
710
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
711
+ severity: 'LOW',
712
+ },
713
+ cwe: [
714
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
715
+ ],
716
+ owasp: [
717
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
718
+ ],
719
+ remediation: 'Disable file_server browse in Caddy or restrict browsing to trusted users.',
720
+ },
721
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE]: {
722
+ id: 232,
723
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_CADDY_SENSITIVE,
724
+ title: 'Caddy File Server Browsing Exposing Sensitive Content',
725
+ description: 'Caddy file server browsing is enabled on a directory containing sensitive files such as backups, credentials, or configuration artifacts.',
726
+ severity: 'medium',
727
+ levelId: 3,
728
+ category: 'configuration',
729
+ scanner: 'directory-browsing',
730
+ cvss: {
731
+ score: 5.3,
732
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
733
+ severity: 'MEDIUM',
734
+ },
735
+ cwe: [
736
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
737
+ ],
738
+ owasp: [
739
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
740
+ ],
741
+ remediation: 'Disable file_server browse and remove sensitive files from web-accessible directories.',
742
+ },
743
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV]: {
744
+ id: 233,
745
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV,
746
+ title: 'WebDAV Directory Listing Enabled',
747
+ description: 'WebDAV responses expose directory contents, allowing unauthenticated browsing of files and folders.',
748
+ severity: 'low',
749
+ levelId: 4,
750
+ category: 'configuration',
751
+ scanner: 'directory-browsing',
752
+ cvss: {
753
+ score: 3.7,
754
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
755
+ severity: 'LOW',
756
+ },
757
+ cwe: [
758
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
759
+ ],
760
+ owasp: [
761
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
762
+ ],
763
+ remediation: 'Disable unauthenticated WebDAV browsing or restrict access with authentication and authorization.',
764
+ },
765
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE]: {
766
+ id: 234,
767
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_WEBDAV_SENSITIVE,
768
+ title: 'WebDAV Directory Listing Exposing Sensitive Content',
769
+ description: 'WebDAV responses expose directories containing sensitive files such as backups, credentials, or configuration artifacts.',
770
+ severity: 'medium',
771
+ levelId: 3,
772
+ category: 'configuration',
773
+ scanner: 'directory-browsing',
774
+ cvss: {
775
+ score: 5.3,
776
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
777
+ severity: 'MEDIUM',
778
+ },
779
+ cwe: [
780
+ { id: 'CWE-548', name: 'Directory Listing', url: 'https://cwe.mitre.org/data/definitions/548.html' },
781
+ ],
782
+ owasp: [
783
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
784
+ ],
785
+ remediation: 'Disable unauthenticated WebDAV browsing and remove sensitive files from exposed directories.',
786
+ },
787
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3]: {
788
+ id: 235,
789
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3,
790
+ title: 'S3 Bucket Listing Enabled',
791
+ description: 'An S3 bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
792
+ severity: 'low',
793
+ levelId: 4,
794
+ category: 'configuration',
795
+ scanner: 'directory-browsing',
796
+ cvss: {
797
+ score: 3.7,
798
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
799
+ severity: 'LOW',
800
+ },
801
+ cwe: [
802
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
803
+ ],
804
+ owasp: [
805
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
806
+ ],
807
+ remediation: 'Disable public ListBucket access and restrict bucket policies to authorized principals.',
808
+ },
809
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3_SENSITIVE]: {
810
+ id: 236,
811
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_S3_SENSITIVE,
812
+ title: 'S3 Bucket Listing Exposing Sensitive Content',
813
+ description: 'An S3 bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
814
+ severity: 'medium',
815
+ levelId: 3,
816
+ category: 'configuration',
817
+ scanner: 'directory-browsing',
818
+ cvss: {
819
+ score: 5.3,
820
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
821
+ severity: 'MEDIUM',
822
+ },
823
+ cwe: [
824
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
825
+ ],
826
+ owasp: [
827
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
828
+ ],
829
+ remediation: 'Remove public ListBucket access and rotate any exposed credentials or secrets.',
830
+ },
831
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS]: {
832
+ id: 237,
833
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS,
834
+ title: 'GCS Bucket Listing Enabled',
835
+ description: 'A Google Cloud Storage bucket listing is exposed, allowing unauthenticated enumeration of object keys.',
836
+ severity: 'low',
837
+ levelId: 4,
838
+ category: 'configuration',
839
+ scanner: 'directory-browsing',
840
+ cvss: {
841
+ score: 3.7,
842
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
843
+ severity: 'LOW',
844
+ },
845
+ cwe: [
846
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
847
+ ],
848
+ owasp: [
849
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
850
+ ],
851
+ remediation: 'Restrict bucket IAM policies to authorized principals and disable anonymous listing.',
852
+ },
853
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE]: {
854
+ id: 238,
855
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_GCS_SENSITIVE,
856
+ title: 'GCS Bucket Listing Exposing Sensitive Content',
857
+ description: 'A Google Cloud Storage bucket listing is exposed and includes sensitive objects such as backups, credentials, or configuration artifacts.',
858
+ severity: 'medium',
859
+ levelId: 3,
860
+ category: 'configuration',
861
+ scanner: 'directory-browsing',
862
+ cvss: {
863
+ score: 5.3,
864
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
865
+ severity: 'MEDIUM',
866
+ },
867
+ cwe: [
868
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
869
+ ],
870
+ owasp: [
871
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
872
+ ],
873
+ remediation: 'Remove public listing access and rotate any exposed credentials or secrets.',
874
+ },
875
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB]: {
876
+ id: 239,
877
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB,
878
+ title: 'Azure Blob Container Listing Enabled',
879
+ description: 'An Azure Blob container listing is exposed, allowing unauthenticated enumeration of blob names.',
880
+ severity: 'low',
881
+ levelId: 4,
882
+ category: 'configuration',
883
+ scanner: 'directory-browsing',
884
+ cvss: {
885
+ score: 3.7,
886
+ vector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N',
887
+ severity: 'LOW',
888
+ },
889
+ cwe: [
890
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
891
+ ],
892
+ owasp: [
893
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
894
+ ],
895
+ remediation: 'Disable public container listing and restrict access via SAS tokens or RBAC.',
896
+ },
897
+ [error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE]: {
898
+ id: 240,
899
+ code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_AZURE_BLOB_SENSITIVE,
900
+ title: 'Azure Blob Container Listing Exposing Sensitive Content',
901
+ description: 'An Azure Blob container listing is exposed and includes sensitive blobs such as backups, credentials, or configuration artifacts.',
902
+ severity: 'medium',
903
+ levelId: 3,
904
+ category: 'configuration',
905
+ scanner: 'directory-browsing',
906
+ cvss: {
907
+ score: 5.3,
908
+ vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N',
909
+ severity: 'MEDIUM',
910
+ },
911
+ cwe: [
912
+ { id: 'CWE-200', name: 'Exposure of Sensitive Information to an Unauthorized Actor', url: 'https://cwe.mitre.org/data/definitions/200.html' },
913
+ ],
914
+ owasp: [
915
+ { id: 'A05:2021', name: 'Security Misconfiguration', url: 'https://owasp.org/Top10/A05_2021-Security_Misconfiguration/' },
916
+ ],
917
+ remediation: 'Remove public listing access and rotate any exposed credentials or secrets.',
918
+ },
919
+ // Legacy generic codes (keep for backward compatibility)
458
920
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_ENABLED]: {
459
- id: 74,
921
+ id: 241,
460
922
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_ENABLED,
461
923
  title: 'Directory Listing Enabled',
462
924
  description: 'Web server directory listing is enabled, exposing the contents of directories to anyone who browses to them without an index file. This reveals application structure, backup files, configuration files, and potentially sensitive data to attackers.',
463
925
  severity: 'low',
926
+ levelId: 4,
464
927
  category: 'configuration',
465
928
  scanner: 'directory-browsing',
466
929
  cvss: {
@@ -477,11 +940,12 @@ exports.CONFIG_VULNERABILITIES = {
477
940
  remediation: 'Disable directory listing in web server configuration (Options -Indexes in Apache, autoindex off in nginx). Ensure all directories have proper index files.',
478
941
  },
479
942
  [error_codes_js_1.VulnerabilityCode.DIRBROWSE_SENSITIVE]: {
480
- id: 75,
943
+ id: 242,
481
944
  code: error_codes_js_1.VulnerabilityCode.DIRBROWSE_SENSITIVE,
482
945
  title: 'Directory Listing Exposing Sensitive Content',
483
946
  description: 'Directory listing is enabled on a directory containing sensitive files like backups, configuration files, source code, or credentials. This elevates the risk significantly as attackers can directly access sensitive information without guessing filenames.',
484
947
  severity: 'medium',
948
+ levelId: 3,
485
949
  category: 'configuration',
486
950
  scanner: 'directory-browsing',
487
951
  cvss: {
@@ -501,11 +965,12 @@ exports.CONFIG_VULNERABILITIES = {
501
965
  // CLICKJACKING
502
966
  // ========================================
503
967
  [error_codes_js_1.VulnerabilityCode.CLICK_FRAMEABLE]: {
504
- id: 76,
968
+ id: 243,
505
969
  code: error_codes_js_1.VulnerabilityCode.CLICK_FRAMEABLE,
506
970
  title: 'Clickjacking - Page Frameable',
507
971
  description: 'The application pages can be embedded in iframes on malicious websites, enabling clickjacking attacks where attackers overlay transparent frames over deceptive UI elements to trick users into clicking hidden buttons or links that perform unintended actions.',
508
972
  severity: 'medium',
973
+ levelId: 3,
509
974
  category: 'configuration',
510
975
  scanner: 'security-headers',
511
976
  cvss: {
@@ -525,11 +990,12 @@ exports.CONFIG_VULNERABILITIES = {
525
990
  // DESERIALIZATION
526
991
  // ========================================
527
992
  [error_codes_js_1.VulnerabilityCode.DESER_JAVA]: {
528
- id: 77,
993
+ id: 244,
529
994
  code: error_codes_js_1.VulnerabilityCode.DESER_JAVA,
530
995
  title: 'Insecure Deserialization - Java',
531
996
  description: 'Critical Java deserialization vulnerability where untrusted serialized objects are processed, allowing attackers to achieve remote code execution through gadget chains in common libraries like Apache Commons Collections, Spring Framework, or other classpath dependencies.',
532
997
  severity: 'critical',
998
+ levelId: 1,
533
999
  category: 'injection',
534
1000
  scanner: 'deserialization',
535
1001
  cvss: {
@@ -546,11 +1012,12 @@ exports.CONFIG_VULNERABILITIES = {
546
1012
  remediation: 'Do not deserialize untrusted data. Use JSON or XML instead of Java serialization. Implement ObjectInputFilter (JEP 290) to restrict deserializable classes. Remove vulnerable gadget libraries.',
547
1013
  },
548
1014
  [error_codes_js_1.VulnerabilityCode.DESER_PHP]: {
549
- id: 78,
1015
+ id: 245,
550
1016
  code: error_codes_js_1.VulnerabilityCode.DESER_PHP,
551
1017
  title: 'Insecure Deserialization - PHP',
552
1018
  description: 'Critical PHP deserialization vulnerability where unserialize() processes attacker-controlled data, enabling object injection attacks through magic methods like __wakeup(), __destruct(), or __toString() in application or framework classes for remote code execution.',
553
1019
  severity: 'critical',
1020
+ levelId: 1,
554
1021
  category: 'injection',
555
1022
  scanner: 'deserialization',
556
1023
  cvss: {
@@ -567,11 +1034,12 @@ exports.CONFIG_VULNERABILITIES = {
567
1034
  remediation: 'Never pass user input to unserialize(). Use json_decode() instead. If serialization is required, use allowed_classes option with explicit allowlist. Audit code for pop chains.',
568
1035
  },
569
1036
  [error_codes_js_1.VulnerabilityCode.DESER_PYTHON]: {
570
- id: 79,
1037
+ id: 246,
571
1038
  code: error_codes_js_1.VulnerabilityCode.DESER_PYTHON,
572
1039
  title: 'Insecure Deserialization - Python',
573
1040
  description: 'Critical Python deserialization vulnerability through pickle/cPickle processing of untrusted data, enabling remote code execution via __reduce__ method exploitation. Python pickle is inherently unsafe and should never process untrusted input.',
574
1041
  severity: 'critical',
1042
+ levelId: 1,
575
1043
  category: 'injection',
576
1044
  scanner: 'deserialization',
577
1045
  cvss: {
@@ -588,11 +1056,12 @@ exports.CONFIG_VULNERABILITIES = {
588
1056
  remediation: 'Never pickle untrusted data. Use JSON or other safe formats. If pickle is required, use cryptographic signatures to verify data integrity before deserialization.',
589
1057
  },
590
1058
  [error_codes_js_1.VulnerabilityCode.DESER_DOTNET]: {
591
- id: 80,
1059
+ id: 247,
592
1060
  code: error_codes_js_1.VulnerabilityCode.DESER_DOTNET,
593
1061
  title: 'Insecure Deserialization - .NET',
594
1062
  description: 'Critical .NET deserialization vulnerability through BinaryFormatter, ObjectStateFormatter, LosFormatter, or other dangerous formatters processing untrusted data, enabling remote code execution through gadget chains in the .NET runtime or third-party libraries.',
595
1063
  severity: 'critical',
1064
+ levelId: 1,
596
1065
  category: 'injection',
597
1066
  scanner: 'deserialization',
598
1067
  cvss: {
@@ -609,11 +1078,12 @@ exports.CONFIG_VULNERABILITIES = {
609
1078
  remediation: 'Avoid BinaryFormatter for untrusted data. Use System.Text.Json or XmlSerializer with known types. For legacy code, implement SerializationBinder to restrict deserializable types.',
610
1079
  },
611
1080
  [error_codes_js_1.VulnerabilityCode.DESER_RUBY]: {
612
- id: 81,
1081
+ id: 248,
613
1082
  code: error_codes_js_1.VulnerabilityCode.DESER_RUBY,
614
1083
  title: 'Insecure Deserialization - Ruby',
615
1084
  description: 'Critical Ruby deserialization vulnerability through Marshal.load or YAML.load processing untrusted data, enabling remote code execution through Ruby object instantiation gadgets that execute arbitrary code during object reconstruction.',
616
1085
  severity: 'critical',
1086
+ levelId: 1,
617
1087
  category: 'injection',
618
1088
  scanner: 'deserialization',
619
1089
  cvss: {
@@ -630,11 +1100,12 @@ exports.CONFIG_VULNERABILITIES = {
630
1100
  remediation: 'Never Marshal.load untrusted data. Use JSON.parse instead. For YAML, use YAML.safe_load with permitted_classes option. Sign serialized data with HMAC for integrity.',
631
1101
  },
632
1102
  [error_codes_js_1.VulnerabilityCode.DESER_NODE]: {
633
- id: 82,
1103
+ id: 249,
634
1104
  code: error_codes_js_1.VulnerabilityCode.DESER_NODE,
635
1105
  title: 'Insecure Deserialization - Node.js',
636
1106
  description: 'Critical Node.js deserialization vulnerability through node-serialize, funcster, or similar libraries that execute JavaScript during deserialization, enabling remote code execution when attacker-controlled serialized data containing functions or IIFE is processed.',
637
1107
  severity: 'critical',
1108
+ levelId: 1,
638
1109
  category: 'injection',
639
1110
  scanner: 'deserialization',
640
1111
  cvss: {
@@ -651,11 +1122,12 @@ exports.CONFIG_VULNERABILITIES = {
651
1122
  remediation: 'Never use serialization libraries that can deserialize functions. Use JSON.parse() for data interchange. Avoid node-serialize and similar libraries. Implement input validation.',
652
1123
  },
653
1124
  [error_codes_js_1.VulnerabilityCode.CLICK_PARTIAL_PROTECTION]: {
654
- id: 83,
1125
+ id: 250,
655
1126
  code: error_codes_js_1.VulnerabilityCode.CLICK_PARTIAL_PROTECTION,
656
1127
  title: 'Clickjacking - Partial Protection',
657
1128
  description: 'Incomplete clickjacking protection where X-Frame-Options or frame-ancestors CSP is only applied on some pages, uses weak values like ALLOW-FROM with bypassable origins, or has inconsistent implementation allowing certain pages to be framed.',
658
1129
  severity: 'low',
1130
+ levelId: 4,
659
1131
  category: 'configuration',
660
1132
  scanner: 'security-headers',
661
1133
  cvss: {
@@ -672,11 +1144,12 @@ exports.CONFIG_VULNERABILITIES = {
672
1144
  remediation: 'Apply consistent frame protection across all pages. Use DENY or SAMEORIGIN rather than ALLOW-FROM. Audit all endpoints for missing protection. Use CSP frame-ancestors instead of X-Frame-Options.',
673
1145
  },
674
1146
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE]: {
675
- id: 84,
1147
+ id: 251,
676
1148
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XCONTENT_TYPE,
677
1149
  title: 'Missing Security Header - X-Content-Type-Options',
678
1150
  description: 'The application does not set X-Content-Type-Options: nosniff header, allowing browsers to perform MIME-type sniffing that can lead to XSS attacks when user-uploaded content is served with incorrect Content-Type and browsers execute it as script.',
679
1151
  severity: 'low',
1152
+ levelId: 4,
680
1153
  category: 'configuration',
681
1154
  scanner: 'security-headers',
682
1155
  cvss: {
@@ -693,11 +1166,12 @@ exports.CONFIG_VULNERABILITIES = {
693
1166
  remediation: 'Add X-Content-Type-Options: nosniff header to all responses. Ensure correct Content-Type headers are set for all resources. Validate file types before serving user uploads.',
694
1167
  },
695
1168
  [error_codes_js_1.VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID]: {
696
- id: 1009,
1169
+ id: 252,
697
1170
  code: error_codes_js_1.VulnerabilityCode.HEADER_XCONTENT_TYPE_INVALID,
698
1171
  title: 'Invalid Security Header - X-Content-Type-Options',
699
1172
  description: 'The X-Content-Type-Options header is present but misconfigured (not set to nosniff), which can allow MIME sniffing and reduce protection against content-type confusion.',
700
1173
  severity: 'low',
1174
+ levelId: 4,
701
1175
  category: 'configuration',
702
1176
  scanner: 'security-headers',
703
1177
  cvss: {
@@ -714,11 +1188,12 @@ exports.CONFIG_VULNERABILITIES = {
714
1188
  remediation: 'Set X-Content-Type-Options to nosniff on all responses to prevent MIME sniffing.',
715
1189
  },
716
1190
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY]: {
717
- id: 85,
1191
+ id: 253,
718
1192
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_REFERRER_POLICY,
719
1193
  title: 'Missing Security Header - Referrer-Policy',
720
1194
  description: 'The application does not implement Referrer-Policy header, potentially leaking sensitive URL information including session tokens, user IDs, or query parameters to external sites when users click links or resources are loaded from third-party domains.',
721
1195
  severity: 'low',
1196
+ levelId: 4,
722
1197
  category: 'configuration',
723
1198
  scanner: 'security-headers',
724
1199
  cvss: {
@@ -735,11 +1210,12 @@ exports.CONFIG_VULNERABILITIES = {
735
1210
  remediation: 'Implement Referrer-Policy header with strict-origin-when-cross-origin or no-referrer policy. Avoid passing sensitive data in URLs. Use POST requests for sensitive operations.',
736
1211
  },
737
1212
  [error_codes_js_1.VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE]: {
738
- id: 1010,
1213
+ id: 254,
739
1214
  code: error_codes_js_1.VulnerabilityCode.HEADER_REFERRER_POLICY_UNSAFE,
740
1215
  title: 'Unsafe Referrer-Policy Configuration',
741
1216
  description: 'The Referrer-Policy header is set to a permissive value that can leak full URLs and sensitive query parameters to external origins.',
742
1217
  severity: 'low',
1218
+ levelId: 4,
743
1219
  category: 'configuration',
744
1220
  scanner: 'security-headers',
745
1221
  cvss: {
@@ -756,11 +1232,12 @@ exports.CONFIG_VULNERABILITIES = {
756
1232
  remediation: 'Use strict-origin-when-cross-origin or no-referrer to minimize leakage of sensitive URL data.',
757
1233
  },
758
1234
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY]: {
759
- id: 86,
1235
+ id: 255,
760
1236
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_PERMISSIONS_POLICY,
761
1237
  title: 'Missing Security Header - Permissions-Policy',
762
1238
  description: 'The application does not implement Permissions-Policy (formerly Feature-Policy) header, allowing embedded frames or malicious scripts to access sensitive browser features like camera, microphone, geolocation, or payment APIs without explicit permission.',
763
1239
  severity: 'info',
1240
+ levelId: 5,
764
1241
  category: 'configuration',
765
1242
  scanner: 'security-headers',
766
1243
  cvss: {
@@ -777,11 +1254,12 @@ exports.CONFIG_VULNERABILITIES = {
777
1254
  remediation: 'Add Permissions-Policy header restricting access to sensitive features. Disable features not needed by the application. Use () syntax to disallow features for all origins.',
778
1255
  },
779
1256
  [error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION]: {
780
- id: 87,
1257
+ id: 256,
781
1258
  code: error_codes_js_1.VulnerabilityCode.HEADER_MISSING_XSS_PROTECTION,
782
1259
  title: 'Missing Security Header - X-XSS-Protection',
783
1260
  description: 'The legacy X-XSS-Protection header is not set. While deprecated in modern browsers, it can provide defense-in-depth for older browsers that still honor this header for their built-in XSS auditor feature.',
784
1261
  severity: 'info',
1262
+ levelId: 5,
785
1263
  category: 'configuration',
786
1264
  scanner: 'security-headers',
787
1265
  cvss: {
@@ -798,11 +1276,12 @@ exports.CONFIG_VULNERABILITIES = {
798
1276
  remediation: 'Set X-XSS-Protection: 0 to disable (recommended per OWASP) or use CSP instead. The XSS auditor has been removed from modern browsers due to security issues with block mode.',
799
1277
  },
800
1278
  [error_codes_js_1.VulnerabilityCode.HEADER_COEP_WITHOUT_COOP]: {
801
- id: 108,
1279
+ id: 257,
802
1280
  code: error_codes_js_1.VulnerabilityCode.HEADER_COEP_WITHOUT_COOP,
803
1281
  title: 'Header Misconfiguration - COEP Without COOP',
804
1282
  description: 'Cross-Origin-Embedder-Policy (COEP) is set without Cross-Origin-Opener-Policy (COOP), which can create inconsistent cross-origin isolation behavior and indicate incomplete or misapplied security header strategy for isolation-sensitive applications.',
805
1283
  severity: 'info',
1284
+ levelId: 5,
806
1285
  category: 'configuration',
807
1286
  scanner: 'security-headers',
808
1287
  cvss: {
@@ -819,11 +1298,12 @@ exports.CONFIG_VULNERABILITIES = {
819
1298
  remediation: 'If cross-origin isolation is required, deploy COEP together with COOP and validate the intended policy combination. Otherwise remove COEP to avoid confusing or inconsistent isolation posture.',
820
1299
  },
821
1300
  [error_codes_js_1.VulnerabilityCode.HEADER_CORP_UNUSUAL]: {
822
- id: 109,
1301
+ id: 258,
823
1302
  code: error_codes_js_1.VulnerabilityCode.HEADER_CORP_UNUSUAL,
824
1303
  title: 'Header Misconfiguration - Unusual CORP Value',
825
1304
  description: 'Cross-Origin-Resource-Policy (CORP) is set to a non-standard value, which may indicate a misconfiguration that provides no effective protection or creates unpredictable resource loading behavior across origins.',
826
1305
  severity: 'info',
1306
+ levelId: 5,
827
1307
  category: 'configuration',
828
1308
  scanner: 'security-headers',
829
1309
  cvss: {
@@ -840,11 +1320,12 @@ exports.CONFIG_VULNERABILITIES = {
840
1320
  remediation: 'Use valid CORP values (same-origin, same-site, or cross-origin) and confirm the chosen policy aligns with the resource sharing model of the application.',
841
1321
  },
842
1322
  [error_codes_js_1.VulnerabilityCode.HEADER_EXPECT_CT_PRESENT]: {
843
- id: 110,
1323
+ id: 259,
844
1324
  code: error_codes_js_1.VulnerabilityCode.HEADER_EXPECT_CT_PRESENT,
845
1325
  title: 'Deprecated Header - Expect-CT Present',
846
1326
  description: 'The Expect-CT header is present even though the feature is deprecated and no longer enforced by major browsers, adding unnecessary configuration surface without meaningful security benefit.',
847
1327
  severity: 'info',
1328
+ levelId: 5,
848
1329
  category: 'configuration',
849
1330
  scanner: 'security-headers',
850
1331
  cvss: {
@@ -861,11 +1342,12 @@ exports.CONFIG_VULNERABILITIES = {
861
1342
  remediation: 'Remove Expect-CT unless you have a legacy operational requirement, and focus on TLS configuration and certificate transparency monitoring via modern tooling.',
862
1343
  },
863
1344
  [error_codes_js_1.VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT]: {
864
- id: 111,
1345
+ id: 260,
865
1346
  code: error_codes_js_1.VulnerabilityCode.HEADER_SERVER_HEADER_PRESENT,
866
1347
  title: 'Information Exposure - Server Header Present',
867
1348
  description: 'The Server header reveals technology or version details that can assist attackers with fingerprinting and targeted exploitation, increasing the likelihood of tailored attacks against known software weaknesses.',
868
1349
  severity: 'info',
1350
+ levelId: 5,
869
1351
  category: 'configuration',
870
1352
  scanner: 'security-headers',
871
1353
  cvss: {
@@ -882,11 +1364,12 @@ exports.CONFIG_VULNERABILITIES = {
882
1364
  remediation: 'Configure the web server or reverse proxy to minimize or remove Server header details and avoid exposing version strings in responses.',
883
1365
  },
884
1366
  [error_codes_js_1.VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT]: {
885
- id: 112,
1367
+ id: 261,
886
1368
  code: error_codes_js_1.VulnerabilityCode.HEADER_X_POWERED_BY_PRESENT,
887
1369
  title: 'Information Exposure - X-Powered-By Present',
888
1370
  description: 'The X-Powered-By header discloses framework or runtime information that can be used to fingerprint the application stack and target known vulnerabilities in specific platforms or versions.',
889
1371
  severity: 'info',
1372
+ levelId: 5,
890
1373
  category: 'configuration',
891
1374
  scanner: 'security-headers',
892
1375
  cvss: {
@@ -903,11 +1386,12 @@ exports.CONFIG_VULNERABILITIES = {
903
1386
  remediation: 'Disable X-Powered-By headers in application frameworks or reverse proxies to reduce stack fingerprinting exposure.',
904
1387
  },
905
1388
  [error_codes_js_1.VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED]: {
906
- id: 113,
1389
+ id: 262,
907
1390
  code: error_codes_js_1.VulnerabilityCode.HEADER_X_XSS_PROTECTION_ENABLED,
908
1391
  title: 'Deprecated Header - X-XSS-Protection Enabled',
909
1392
  description: 'The X-XSS-Protection header is enabled, which is deprecated and can introduce security risks or inconsistent behavior in legacy browsers due to the removed XSS auditor feature.',
910
1393
  severity: 'low',
1394
+ levelId: 4,
911
1395
  category: 'configuration',
912
1396
  scanner: 'security-headers',
913
1397
  cvss: {
@@ -924,11 +1408,12 @@ exports.CONFIG_VULNERABILITIES = {
924
1408
  remediation: 'Prefer modern CSP protections and set X-XSS-Protection: 0 or remove the header to avoid relying on deprecated behavior.',
925
1409
  },
926
1410
  [error_codes_js_1.VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE]: {
927
- id: 114,
1411
+ id: 263,
928
1412
  code: error_codes_js_1.VulnerabilityCode.COOKIE_SAMESITE_NONE_WITHOUT_SECURE,
929
1413
  title: 'Cookie Misconfiguration - SameSite=None Without Secure',
930
1414
  description: 'A cookie is configured with SameSite=None but lacks the Secure attribute, enabling cross-site transmission over unencrypted connections and undermining cookie integrity and confidentiality controls.',
931
1415
  severity: 'medium',
1416
+ levelId: 3,
932
1417
  category: 'configuration',
933
1418
  scanner: 'security-headers',
934
1419
  cvss: {
@@ -945,11 +1430,12 @@ exports.CONFIG_VULNERABILITIES = {
945
1430
  remediation: 'Set Secure when SameSite=None is used and ensure the application is served exclusively over HTTPS.',
946
1431
  },
947
1432
  [error_codes_js_1.VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE]: {
948
- id: 115,
1433
+ id: 264,
949
1434
  code: error_codes_js_1.VulnerabilityCode.COOKIE_SESSION_MISSING_SECURE,
950
1435
  title: 'Cookie Misconfiguration - Session Cookie Missing Secure',
951
1436
  description: 'Session or authentication cookies are missing the Secure attribute, allowing them to be transmitted over unencrypted connections and increasing the risk of session hijacking or credential theft.',
952
1437
  severity: 'high',
1438
+ levelId: 2,
953
1439
  category: 'configuration',
954
1440
  scanner: 'security-headers',
955
1441
  cvss: {
@@ -966,11 +1452,12 @@ exports.CONFIG_VULNERABILITIES = {
966
1452
  remediation: 'Apply the Secure attribute to all session cookies and enforce HTTPS with HSTS to prevent downgrade to plaintext.',
967
1453
  },
968
1454
  [error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_SECURE]: {
969
- id: 116,
1455
+ id: 265,
970
1456
  code: error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_SECURE,
971
1457
  title: 'Cookie Misconfiguration - Missing Secure Attribute',
972
1458
  description: 'Cookies are set without the Secure attribute, permitting transmission over plaintext HTTP and exposing cookie contents to network interception or manipulation.',
973
1459
  severity: 'medium',
1460
+ levelId: 3,
974
1461
  category: 'configuration',
975
1462
  scanner: 'security-headers',
976
1463
  cvss: {
@@ -987,11 +1474,12 @@ exports.CONFIG_VULNERABILITIES = {
987
1474
  remediation: 'Set the Secure attribute on cookies that should only be transmitted over HTTPS.',
988
1475
  },
989
1476
  [error_codes_js_1.VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY]: {
990
- id: 117,
1477
+ id: 266,
991
1478
  code: error_codes_js_1.VulnerabilityCode.COOKIE_SESSION_MISSING_HTTPONLY,
992
1479
  title: 'Cookie Misconfiguration - Session Cookie Missing HttpOnly',
993
1480
  description: 'Session or authentication cookies are missing the HttpOnly attribute, allowing client-side scripts to access sensitive cookie values and increasing the impact of XSS attacks.',
994
1481
  severity: 'high',
1482
+ levelId: 2,
995
1483
  category: 'configuration',
996
1484
  scanner: 'security-headers',
997
1485
  cvss: {
@@ -1008,11 +1496,12 @@ exports.CONFIG_VULNERABILITIES = {
1008
1496
  remediation: 'Set HttpOnly on session cookies to reduce access from client-side scripts and pair with CSP to mitigate XSS risk.',
1009
1497
  },
1010
1498
  [error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_HTTPONLY]: {
1011
- id: 118,
1499
+ id: 267,
1012
1500
  code: error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_HTTPONLY,
1013
1501
  title: 'Cookie Misconfiguration - Missing HttpOnly Attribute',
1014
1502
  description: 'Cookies are missing the HttpOnly attribute, allowing JavaScript access to cookie values and increasing the potential impact of client-side script injection.',
1015
1503
  severity: 'medium',
1504
+ levelId: 3,
1016
1505
  category: 'configuration',
1017
1506
  scanner: 'security-headers',
1018
1507
  cvss: {
@@ -1029,11 +1518,12 @@ exports.CONFIG_VULNERABILITIES = {
1029
1518
  remediation: 'Add HttpOnly to cookies that should not be accessed by JavaScript to reduce the impact of XSS.',
1030
1519
  },
1031
1520
  [error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_SAMESITE]: {
1032
- id: 119,
1521
+ id: 268,
1033
1522
  code: error_codes_js_1.VulnerabilityCode.COOKIE_MISSING_SAMESITE,
1034
1523
  title: 'Cookie Misconfiguration - Missing SameSite Attribute',
1035
1524
  description: 'Cookies do not specify SameSite, which can allow cross-site requests to include cookies by default and increase exposure to CSRF-style attacks or cross-site leakage.',
1036
1525
  severity: 'medium',
1526
+ levelId: 3,
1037
1527
  category: 'configuration',
1038
1528
  scanner: 'security-headers',
1039
1529
  cvss: {
@@ -1050,11 +1540,12 @@ exports.CONFIG_VULNERABILITIES = {
1050
1540
  remediation: 'Set SameSite=Lax for general cookies or SameSite=Strict where appropriate to reduce cross-site cookie inclusion.',
1051
1541
  },
1052
1542
  [error_codes_js_1.VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID]: {
1053
- id: 120,
1543
+ id: 269,
1054
1544
  code: error_codes_js_1.VulnerabilityCode.COOKIE_HOST_PREFIX_INVALID,
1055
1545
  title: 'Cookie Misconfiguration - __Host- Prefix Violations',
1056
1546
  description: 'Cookies with the __Host- prefix do not meet required attributes (Secure, Path=/, no Domain), weakening the protections provided by host-only cookie semantics.',
1057
1547
  severity: 'medium',
1548
+ levelId: 3,
1058
1549
  category: 'configuration',
1059
1550
  scanner: 'security-headers',
1060
1551
  cvss: {
@@ -1071,11 +1562,12 @@ exports.CONFIG_VULNERABILITIES = {
1071
1562
  remediation: 'Ensure __Host- cookies include Secure, Path=/, and omit the Domain attribute to preserve host-only guarantees.',
1072
1563
  },
1073
1564
  [error_codes_js_1.VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID]: {
1074
- id: 121,
1565
+ id: 270,
1075
1566
  code: error_codes_js_1.VulnerabilityCode.COOKIE_SECURE_PREFIX_INVALID,
1076
1567
  title: 'Cookie Misconfiguration - __Secure- Prefix Violations',
1077
1568
  description: 'Cookies with the __Secure- prefix are missing the Secure attribute, which defeats the prefix requirement and weakens transport security protections.',
1078
1569
  severity: 'medium',
1570
+ levelId: 3,
1079
1571
  category: 'configuration',
1080
1572
  scanner: 'security-headers',
1081
1573
  cvss: {
@@ -1092,11 +1584,12 @@ exports.CONFIG_VULNERABILITIES = {
1092
1584
  remediation: 'Set the Secure attribute for all __Secure- cookies and ensure HTTPS is enforced across the application.',
1093
1585
  },
1094
1586
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_CSP]: {
1095
- id: 122,
1587
+ id: 271,
1096
1588
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_CSP,
1097
1589
  title: 'Header Drift - Content-Security-Policy Inconsistent',
1098
1590
  description: 'Content-Security-Policy is present on some paths but missing on others, creating uneven defenses and potentially exposing unprotected routes to script injection or content loading risks.',
1099
1591
  severity: 'low',
1592
+ levelId: 4,
1100
1593
  category: 'configuration',
1101
1594
  scanner: 'security-headers',
1102
1595
  cvss: {
@@ -1113,11 +1606,12 @@ exports.CONFIG_VULNERABILITIES = {
1113
1606
  remediation: 'Apply CSP consistently across relevant responses, including error and authentication pages, to avoid gaps in policy coverage.',
1114
1607
  },
1115
1608
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_HSTS]: {
1116
- id: 123,
1609
+ id: 272,
1117
1610
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_HSTS,
1118
1611
  title: 'Header Drift - Strict-Transport-Security Inconsistent',
1119
1612
  description: 'Strict-Transport-Security is present on some paths but missing on others, reducing the effectiveness of HTTPS enforcement and creating mixed transport behavior across the site.',
1120
1613
  severity: 'low',
1614
+ levelId: 4,
1121
1615
  category: 'configuration',
1122
1616
  scanner: 'security-headers',
1123
1617
  cvss: {
@@ -1134,11 +1628,12 @@ exports.CONFIG_VULNERABILITIES = {
1134
1628
  remediation: 'Ensure HSTS is set uniformly on HTTPS responses so the browser can enforce strict transport for the entire origin.',
1135
1629
  },
1136
1630
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE]: {
1137
- id: 124,
1631
+ id: 273,
1138
1632
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_XCONTENT_TYPE,
1139
1633
  title: 'Header Drift - X-Content-Type-Options Inconsistent',
1140
1634
  description: 'X-Content-Type-Options is present on some paths but missing on others, allowing inconsistent MIME sniffing behavior that could expose unprotected routes to content-type confusion.',
1141
1635
  severity: 'low',
1636
+ levelId: 4,
1142
1637
  category: 'configuration',
1143
1638
  scanner: 'security-headers',
1144
1639
  cvss: {
@@ -1155,11 +1650,12 @@ exports.CONFIG_VULNERABILITIES = {
1155
1650
  remediation: 'Apply X-Content-Type-Options: nosniff across all relevant responses to avoid inconsistent browser behavior.',
1156
1651
  },
1157
1652
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY]: {
1158
- id: 125,
1653
+ id: 274,
1159
1654
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_REFERRER_POLICY,
1160
1655
  title: 'Header Drift - Referrer-Policy Inconsistent',
1161
1656
  description: 'Referrer-Policy is present on some paths but missing on others, leading to inconsistent referrer leakage controls and potential exposure of sensitive URL data.',
1162
1657
  severity: 'low',
1658
+ levelId: 4,
1163
1659
  category: 'configuration',
1164
1660
  scanner: 'security-headers',
1165
1661
  cvss: {
@@ -1176,11 +1672,12 @@ exports.CONFIG_VULNERABILITIES = {
1176
1672
  remediation: 'Set a consistent Referrer-Policy across responses to standardize referrer leakage controls.',
1177
1673
  },
1178
1674
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_XFRAME]: {
1179
- id: 126,
1675
+ id: 275,
1180
1676
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_XFRAME,
1181
1677
  title: 'Header Drift - X-Frame-Options Inconsistent',
1182
1678
  description: 'X-Frame-Options or equivalent framing controls are present on some paths but missing on others, creating uneven clickjacking protection across the site.',
1183
1679
  severity: 'low',
1680
+ levelId: 4,
1184
1681
  category: 'configuration',
1185
1682
  scanner: 'security-headers',
1186
1683
  cvss: {
@@ -1197,11 +1694,12 @@ exports.CONFIG_VULNERABILITIES = {
1197
1694
  remediation: 'Apply X-Frame-Options or CSP frame-ancestors consistently to avoid unprotected pages.',
1198
1695
  },
1199
1696
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY]: {
1200
- id: 127,
1697
+ id: 276,
1201
1698
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_PERMISSIONS_POLICY,
1202
1699
  title: 'Header Drift - Permissions-Policy Inconsistent',
1203
1700
  description: 'Permissions-Policy is present on some paths but missing on others, leading to inconsistent controls over browser features such as geolocation, camera, or microphone.',
1204
1701
  severity: 'low',
1702
+ levelId: 4,
1205
1703
  category: 'configuration',
1206
1704
  scanner: 'security-headers',
1207
1705
  cvss: {
@@ -1218,11 +1716,12 @@ exports.CONFIG_VULNERABILITIES = {
1218
1716
  remediation: 'Apply Permissions-Policy consistently for pages that should restrict access to sensitive browser features.',
1219
1717
  },
1220
1718
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_COOP]: {
1221
- id: 128,
1719
+ id: 277,
1222
1720
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_COOP,
1223
1721
  title: 'Header Drift - COOP Inconsistent',
1224
1722
  description: 'Cross-Origin-Opener-Policy is present on some paths but missing on others, which can lead to uneven cross-origin isolation guarantees and inconsistent window isolation behavior.',
1225
1723
  severity: 'low',
1724
+ levelId: 4,
1226
1725
  category: 'configuration',
1227
1726
  scanner: 'security-headers',
1228
1727
  cvss: {
@@ -1239,11 +1738,12 @@ exports.CONFIG_VULNERABILITIES = {
1239
1738
  remediation: 'Apply COOP consistently where cross-origin isolation is required and validate the policy across all relevant routes.',
1240
1739
  },
1241
1740
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_COEP]: {
1242
- id: 129,
1741
+ id: 278,
1243
1742
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_COEP,
1244
1743
  title: 'Header Drift - COEP Inconsistent',
1245
1744
  description: 'Cross-Origin-Embedder-Policy is present on some paths but missing on others, resulting in inconsistent embedding restrictions and cross-origin isolation posture.',
1246
1745
  severity: 'low',
1746
+ levelId: 4,
1247
1747
  category: 'configuration',
1248
1748
  scanner: 'security-headers',
1249
1749
  cvss: {
@@ -1260,11 +1760,12 @@ exports.CONFIG_VULNERABILITIES = {
1260
1760
  remediation: 'Apply COEP consistently on routes that are intended to enforce cross-origin embedding controls.',
1261
1761
  },
1262
1762
  [error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_CORP]: {
1263
- id: 130,
1763
+ id: 279,
1264
1764
  code: error_codes_js_1.VulnerabilityCode.HEADER_DRIFT_CORP,
1265
1765
  title: 'Header Drift - CORP Inconsistent',
1266
1766
  description: 'Cross-Origin-Resource-Policy is present on some paths but missing on others, which can leave inconsistent controls on resource sharing and embedding across the application.',
1267
1767
  severity: 'low',
1768
+ levelId: 4,
1268
1769
  category: 'configuration',
1269
1770
  scanner: 'security-headers',
1270
1771
  cvss: {