@zerothreatai/vulnerability-registry 4.0.0 → 5.0.0

package/dist/categories/injection.js

@@ -9,7 +9,7 @@ export const INJECTION_VULNERABILITIES = {
     // SQL INJECTION
     // ========================================
     [VulnerabilityCode.SQLI_ERROR_BASED]: {
-        id: 1,
+        id: 300,
         code: VulnerabilityCode.SQLI_ERROR_BASED,
         title: 'SQL Injection - Error Based',
         description: 'Error-based SQL injection vulnerability detected where database error messages are reflected in the application response, allowing attackers to extract sensitive data from the database by manipulating SQL queries and analyzing error output.',
@@ -31,7 +31,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Use parameterized queries or prepared statements. Implement input validation and sanitization. Use stored procedures with parameterized inputs. Apply principle of least privilege to database accounts.',
     },
     [VulnerabilityCode.SQLI_BOOLEAN_BASED]: {
-        id: 2,
+        id: 301,
         code: VulnerabilityCode.SQLI_BOOLEAN_BASED,
         title: 'SQL Injection - Boolean Based Blind',
         description: 'Boolean-based blind SQL injection vulnerability where the application responds differently based on whether injected conditions evaluate to true or false, enabling attackers to infer database contents one bit at a time through systematic query manipulation.',
@@ -53,7 +53,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Use parameterized queries or prepared statements. Implement consistent error handling that does not reveal query success/failure. Apply input validation and output encoding.',
     },
     [VulnerabilityCode.SQLI_TIME_BASED]: {
-        id: 3,
+        id: 302,
         code: VulnerabilityCode.SQLI_TIME_BASED,
         title: 'SQL Injection - Time Based Blind',
         description: 'Time-based blind SQL injection vulnerability where attackers can infer database contents by measuring response time differences caused by injected time delay functions like SLEEP() or WAITFOR, enabling complete database extraction through timing analysis.',
@@ -75,7 +75,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Use parameterized queries or prepared statements. Implement query timeout limits. Apply input validation and sanitization. Monitor for abnormally slow queries.',
     },
     [VulnerabilityCode.SQLI_STACK_BASED]: {
-        id: 4,
+        id: 303,
         code: VulnerabilityCode.SQLI_STACK_BASED,
         title: 'SQL Injection - Stacked Queries',
         description: 'Critical stacked queries SQL injection vulnerability allowing attackers to execute multiple SQL statements in a single query, enabling destructive operations like DROP TABLE, INSERT into admin tables, or creating backdoor accounts with full database control.',
@@ -97,7 +97,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Use parameterized queries exclusively. Disable multi-statement execution in database drivers. Implement strict input validation. Apply least privilege database permissions and prevent DDL execution.',
     },
     [VulnerabilityCode.SQLI_UNION_BASED]: {
-        id: 5,
+        id: 304,
         code: VulnerabilityCode.SQLI_UNION_BASED,
         title: 'SQL Injection - UNION Based',
         description: 'UNION-based SQL injection vulnerability allowing attackers to append additional SELECT queries using UNION operator, enabling direct extraction of data from other database tables including user credentials, personal information, and sensitive business data.',
@@ -122,7 +122,7 @@ export const INJECTION_VULNERABILITIES = {
     // COMMAND INJECTION
     // ========================================
     [VulnerabilityCode.CMDI_OOB_CONFIRMED]: {
-        id: 6,
+        id: 305,
         code: VulnerabilityCode.CMDI_OOB_CONFIRMED,
         title: 'OS Command Injection - OOB Confirmed',
         description: 'Critical OS command injection vulnerability confirmed through out-of-band callback detection, proving that attacker-controlled shell commands are being executed on the server operating system with full access to system resources and potential for complete server compromise.',
@@ -144,7 +144,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Avoid system calls with user input entirely. Use language-specific APIs instead of shell commands. Implement strict input validation with allowlists. Run applications with minimal OS privileges in sandboxed environments.',
     },
     [VulnerabilityCode.CMDI_REFLECTED]: {
-        id: 7,
+        id: 306,
         code: VulnerabilityCode.CMDI_REFLECTED,
         title: 'OS Command Injection - Reflected Output',
         description: 'OS command injection vulnerability confirmed by command output being reflected in the application response, indicating that shell commands execute on the server and their results are returned to the attacker for data exfiltration and system reconnaissance.',
@@ -166,7 +166,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Replace shell command execution with native language APIs. Implement strict input validation using allowlists. Escape shell metacharacters if commands are unavoidable. Sandbox application execution environments.',
     },
     [VulnerabilityCode.CMDI_TIME_BASED]: {
-        id: 8,
+        id: 307,
         code: VulnerabilityCode.CMDI_TIME_BASED,
         title: 'OS Command Injection - Time Based',
         description: 'Time-based OS command injection vulnerability detected through measurable response time delays caused by injected sleep or ping commands, strongly indicating that shell commands execute on the server even though output is not directly visible in responses.',
@@ -188,7 +188,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Avoid executing system commands with user input. Use native APIs for required functionality. Implement strict input validation. Set command execution timeouts and monitor for anomalous delays.',
     },
     [VulnerabilityCode.CMDI_ERROR_BASED]: {
-        id: 9,
+        id: 308,
         code: VulnerabilityCode.CMDI_ERROR_BASED,
         title: 'OS Command Injection - Error Based',
         description: 'Potential OS command injection vulnerability indicated by distinctive error messages or system-level exceptions in the application response when malformed shell payloads are submitted, suggesting command execution attempts reach the operating system interpreter.',
@@ -213,7 +213,7 @@ export const INJECTION_VULNERABILITIES = {
     // SERVER-SIDE TEMPLATE INJECTION
     // ========================================
     [VulnerabilityCode.SSTI_JINJA2]: {
-        id: 10,
+        id: 309,
         code: VulnerabilityCode.SSTI_JINJA2,
         title: 'Server-Side Template Injection - Jinja2',
         description: 'Critical server-side template injection vulnerability in Jinja2 (Python/Flask) where user input is processed as template code, enabling attackers to execute arbitrary Python code on the server through template expressions like {{config}} or {{request.application.__globals__}}.',
@@ -235,7 +235,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Never pass user input directly to template rendering. Use sandboxed template environments with restricted builtins. Prefer logic-less templates like Mustache. Implement strict input validation before template processing.',
     },
     [VulnerabilityCode.SSTI_TWIG]: {
-        id: 11,
+        id: 310,
         code: VulnerabilityCode.SSTI_TWIG,
         title: 'Server-Side Template Injection - Twig',
         description: 'Critical server-side template injection vulnerability in Twig (PHP/Symfony) where user input is evaluated as template expressions, allowing attackers to execute arbitrary PHP code on the server through filter chains and object method invocations within template syntax.',
@@ -257,7 +257,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Avoid rendering user input as templates. Use Twig sandbox mode with whitelisted tags, filters, and functions. Upgrade to latest Twig version with security patches. Validate and sanitize all inputs.',
     },
     [VulnerabilityCode.SSTI_FREEMARKER]: {
-        id: 12,
+        id: 311,
         code: VulnerabilityCode.SSTI_FREEMARKER,
         title: 'Server-Side Template Injection - FreeMarker',
         description: 'Critical server-side template injection vulnerability in FreeMarker (Java) where user-controlled data is interpreted as template directives, enabling remote code execution through Java class instantiation and method invocation via FreeMarker built-in expressions.',
@@ -279,7 +279,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Never interpolate user input into templates. Configure FreeMarker with restricted class resolver. Disable new() built-in and api built-ins. Use template configuration to restrict available classes.',
     },
     [VulnerabilityCode.SSTI_GENERIC]: {
-        id: 13,
+        id: 312,
         code: VulnerabilityCode.SSTI_GENERIC,
         title: 'Server-Side Template Injection - Generic',
         description: 'Server-side template injection vulnerability detected where user input is being processed by a template engine, potentially allowing code execution. The specific template engine could not be determined, but mathematical expression evaluation confirms server-side processing of user input.',
@@ -301,7 +301,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Identify the template engine in use and apply engine-specific mitigations. Never pass user input to template rendering. Use sandboxed template environments. Implement strict input validation.',
     },
     [VulnerabilityCode.SSTI_VELOCITY]: {
-        id: 14,
+        id: 313,
         code: VulnerabilityCode.SSTI_VELOCITY,
         title: 'Server-Side Template Injection - Velocity',
         description: 'Critical server-side template injection vulnerability in Apache Velocity (Java) where user-controlled data is processed as template directives, enabling arbitrary Java code execution through Velocity Template Language expressions and class instantiation.',
@@ -323,7 +323,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Never render user input as Velocity templates. Configure SecureUberspector to block dangerous method calls. Use Velocity tools with restricted capabilities. Apply input validation.',
     },
     [VulnerabilityCode.SSTI_THYMELEAF]: {
-        id: 15,
+        id: 314,
         code: VulnerabilityCode.SSTI_THYMELEAF,
         title: 'Server-Side Template Injection - Thymeleaf',
         description: 'Critical server-side template injection vulnerability in Thymeleaf (Spring/Java) where user input is processed as template expressions, enabling remote code execution through SpEL (Spring Expression Language) injection in template attributes.',
@@ -345,7 +345,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Never concatenate user input into template expressions. Use th:text for displaying user data. Configure SpringTemplateEngine to restrict expression capabilities.',
     },
     [VulnerabilityCode.SSTI_ERB]: {
-        id: 16,
+        id: 315,
         code: VulnerabilityCode.SSTI_ERB,
         title: 'Server-Side Template Injection - ERB',
         description: 'Critical server-side template injection vulnerability in ERB (Ruby on Rails) where user input is embedded in ERB templates and executed as Ruby code, enabling arbitrary system command execution and complete server compromise through Ruby runtime access.',
@@ -367,7 +367,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Never pass user input to ERB.new(). Use Rails html_safe only after proper sanitization. Prefer logic-less templates. Implement strict input validation before any rendering.',
     },
     [VulnerabilityCode.SSTI_EJS]: {
-        id: 17,
+        id: 316,
         code: VulnerabilityCode.SSTI_EJS,
         title: 'Server-Side Template Injection - EJS',
         description: 'Critical server-side template injection vulnerability in EJS (Node.js) where user-controlled data is processed as template code, allowing arbitrary JavaScript execution on the server through embedded JavaScript expressions and access to Node.js runtime.',
@@ -389,7 +389,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Never pass user input directly to ejs.render(). Use ejs.escape() for user data. Pass data through template locals only. Consider switching to logic-less templates like Handlebars.',
     },
     [VulnerabilityCode.SSTI_PUG]: {
-        id: 18,
+        id: 317,
         code: VulnerabilityCode.SSTI_PUG,
         title: 'Server-Side Template Injection - Pug/Jade',
         description: 'Critical server-side template injection vulnerability in Pug (formerly Jade, Node.js) where user input is interpreted as template syntax, enabling arbitrary JavaScript code execution through Pug embedded code blocks and access to server-side Node.js environment.',
@@ -411,7 +411,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Never compile user input as Pug templates. Pass user data only through template locals. Avoid pug.compile() with user-controlled template strings. Use static templates only.',
     },
     [VulnerabilityCode.SSTI_SMARTY]: {
-        id: 19,
+        id: 318,
         code: VulnerabilityCode.SSTI_SMARTY,
         title: 'Server-Side Template Injection - Smarty',
         description: 'Critical server-side template injection vulnerability in Smarty (PHP) where user input is processed as template code, enabling arbitrary PHP code execution through Smarty tags and function calls that can lead to complete server compromise.',
@@ -433,7 +433,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Enable Smarty security_policy to restrict allowed tags and modifiers. Never pass user input to template compilation. Disable {php} tags. Use Smarty 3+ with security features enabled.',
     },
     [VulnerabilityCode.SSTI_MAKO]: {
-        id: 20,
+        id: 319,
         code: VulnerabilityCode.SSTI_MAKO,
         title: 'Server-Side Template Injection - Mako',
         description: 'Critical server-side template injection vulnerability in Mako (Python) where user-controlled data is executed as template code, enabling arbitrary Python code execution through Mako expressions and full access to the Python runtime environment.',
@@ -458,7 +458,7 @@ export const INJECTION_VULNERABILITIES = {
     // XXE (XML EXTERNAL ENTITY) - Additional
     // ========================================
     [VulnerabilityCode.XXE_ERROR_BASED]: {
-        id: 21,
+        id: 320,
         code: VulnerabilityCode.XXE_ERROR_BASED,
         title: 'XML External Entity Injection - Error Based',
         description: 'Error-based XXE vulnerability where file contents can be extracted through parser error messages by crafting malformed external entities that include file data in error output, enabling data exfiltration even when direct output is not reflected.',
@@ -480,7 +480,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Disable DTD processing entirely in XML parser configuration. Suppress detailed error messages in production. Implement custom error handlers that do not expose file contents.',
     },
     [VulnerabilityCode.XXE_PARAMETER_ENTITY]: {
-        id: 22,
+        id: 321,
         code: VulnerabilityCode.XXE_PARAMETER_ENTITY,
         title: 'XML External Entity Injection - Parameter Entity',
         description: 'XXE vulnerability exploiting parameter entities in DTD declarations to exfiltrate data or perform SSRF attacks when regular external entities are blocked, by using percent-encoded entity references within the document type definition.',
@@ -505,7 +505,7 @@ export const INJECTION_VULNERABILITIES = {
     // LOCAL FILE INCLUSION - Additional
     // ========================================
     [VulnerabilityCode.LFI_FILTER_BYPASS]: {
-        id: 23,
+        id: 322,
         code: VulnerabilityCode.LFI_FILTER_BYPASS,
         title: 'Local File Inclusion - Filter Bypass',
         description: 'Local file inclusion vulnerability that bypasses input validation filters through encoding tricks (URL encoding, double encoding, null bytes), alternate path separators, or case manipulation to access files despite security controls.',
@@ -527,7 +527,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Use canonicalization after decoding before validation. Implement allowlist of permitted files instead of blocklist. Validate resolved paths are within expected directories.',
     },
     [VulnerabilityCode.LFI_PROC_DISCLOSURE]: {
-        id: 24,
+        id: 323,
         code: VulnerabilityCode.LFI_PROC_DISCLOSURE,
         title: 'Local File Inclusion - Process Information Disclosure',
         description: 'LFI vulnerability enabling access to /proc filesystem on Linux systems, exposing process memory maps, environment variables with credentials, command line arguments, and other runtime information that can reveal secrets and aid further attacks.',
@@ -552,7 +552,7 @@ export const INJECTION_VULNERABILITIES = {
     // XXE (XML EXTERNAL ENTITY)
     // ========================================
     [VulnerabilityCode.XXE_CLASSIC]: {
-        id: 25,
+        id: 324,
         code: VulnerabilityCode.XXE_CLASSIC,
         title: 'XML External Entity Injection - Classic',
         description: 'Classic XXE vulnerability where external XML entities are processed by the parser, allowing attackers to read local files like /etc/passwd or application configuration files by defining external entities that reference file:// protocol URIs in the XML document type definition.',
@@ -574,7 +574,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Disable DTD processing entirely. Disable external entity resolution in XML parser configuration. Use less complex data formats like JSON where possible. Validate and sanitize XML input.',
     },
     [VulnerabilityCode.XXE_BLIND]: {
-        id: 26,
+        id: 325,
         code: VulnerabilityCode.XXE_BLIND,
         title: 'XML External Entity Injection - Blind',
         description: 'Blind XXE vulnerability where external entities are processed but file contents are not directly returned in the response. Exploitation requires out-of-band techniques like error-based extraction or HTTP callbacks to exfiltrate data from the target server.',
@@ -596,7 +596,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Disable DTD and external entity processing in XML parser. Block outbound network connections from XML processing servers. Use JSON instead of XML where possible.',
     },
     [VulnerabilityCode.XXE_OOB]: {
-        id: 27,
+        id: 326,
         code: VulnerabilityCode.XXE_OOB,
         title: 'XML External Entity Injection - Out-of-Band',
         description: 'Critical out-of-band XXE vulnerability confirmed through external HTTP/DNS callbacks, proving the XML parser fetches external resources. This enables data exfiltration through URL parameters and server-side request forgery attacks against internal network resources.',
@@ -622,7 +622,7 @@ export const INJECTION_VULNERABILITIES = {
     // LOCAL FILE INCLUSION
     // ========================================
     [VulnerabilityCode.LFI_PATH_TRAVERSAL]: {
-        id: 28,
+        id: 327,
         code: VulnerabilityCode.LFI_PATH_TRAVERSAL,
         title: 'Local File Inclusion - Path Traversal',
         description: 'Path traversal vulnerability allowing attackers to read arbitrary files on the server by manipulating file path parameters with directory traversal sequences like ../ to escape the intended directory and access sensitive system or application configuration files.',
@@ -645,7 +645,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Validate all file path inputs against an allowlist of permitted files. Canonicalize paths and verify they remain within expected directories. Use indirect file references instead of direct paths.',
     },
     [VulnerabilityCode.LFI_SOURCE_DISCLOSURE]: {
-        id: 29,
+        id: 328,
         code: VulnerabilityCode.LFI_SOURCE_DISCLOSURE,
         title: 'Local File Inclusion - Source Code Disclosure',
         description: 'Critical source code disclosure vulnerability where application source files can be read through file inclusion, exposing proprietary code, hardcoded credentials, API keys, database connection strings, and security implementation details that facilitate further attacks.',
@@ -668,7 +668,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Use allowlist validation for file access. Store source files outside web root. Implement proper access controls on file reading functionality. Remove any debug endpoints that read files.',
     },
     [VulnerabilityCode.LFI_WRAPPER_PROTOCOL]: {
-        id: 30,
+        id: 329,
         code: VulnerabilityCode.LFI_WRAPPER_PROTOCOL,
         title: 'Local File Inclusion - PHP Wrapper Protocol',
         description: 'PHP wrapper protocol exploitation where filter or data wrappers like php://filter or php://input can be used to read source files as base64, write arbitrary files, or achieve remote code execution through deserialization when phar:// wrapper is enabled.',
@@ -690,7 +690,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Disable allow_url_include and allow_url_fopen in PHP configuration. Filter and validate all file path inputs. Block protocol wrappers in user input. Use allowlist for file access.',
     },
     [VulnerabilityCode.XPATH_AUTH_BYPASS]: {
-        id: 136,
+        id: 330,
         code: VulnerabilityCode.XPATH_AUTH_BYPASS,
         title: 'XPath Injection - Authentication Bypass',
         description: 'XPath injection vulnerability where crafted input manipulates XPath queries to bypass authentication or authorization checks, allowing attackers to log in as other users or access protected resources without valid credentials.',
@@ -712,7 +712,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Use parameterized XPath queries or safe APIs that separate data from query logic. Validate and constrain user input for XPath contexts. Use allowlists and avoid dynamic XPath string concatenation.',
     },
     [VulnerabilityCode.XPATH_DATA_EXTRACTION]: {
-        id: 137,
+        id: 331,
         code: VulnerabilityCode.XPATH_DATA_EXTRACTION,
         title: 'XPath Injection - Data Extraction',
         description: 'XPath injection vulnerability that allows attackers to read or enumerate sensitive XML data by manipulating query predicates, leading to disclosure of user data, configuration, or credentials stored in XML-backed systems.',
@@ -734,7 +734,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Use safe XPath APIs with variables/bind parameters. Apply strict input validation and encoding for XPath contexts. Restrict accessible XML data and apply least-privilege access controls.',
     },
     [VulnerabilityCode.XPATH_BLIND]: {
-        id: 138,
+        id: 332,
         code: VulnerabilityCode.XPATH_BLIND,
         title: 'XPath Injection - Blind',
         description: 'Blind XPath injection vulnerability where attackers infer query results through boolean or timing differences, enabling gradual extraction of sensitive XML data despite no direct response output.',
@@ -756,7 +756,7 @@ export const INJECTION_VULNERABILITIES = {
         remediation: 'Use parameterized XPath queries and input validation. Normalize error and response behaviors to reduce side-channel differences. Apply rate limiting to limit inference attacks.',
     },
     [VulnerabilityCode.XPATH_ERROR_BASED]: {
-        id: 139,
+        id: 333,
         code: VulnerabilityCode.XPATH_ERROR_BASED,
         title: 'XPath Injection - Error Based',
         description: 'XPath injection vulnerability where malformed input triggers verbose error messages that reveal query structure or XML data, enabling attackers to craft precise XPath exploits or extract sensitive information.',