SQ31101
Detected presence of patch mandated vulnerabilities.
priority | CI/CD status | severity | effort | RL level | RL assessment |
---|---|---|---|---|---|
fail | high | high | 2 | vulnerabilities: fail Reason: patch mandated vulnerabilities |
About the issueโ
Software composition analysis has identified a component with one or more known vulnerabilities. Available threat intelligence telemetry has confirmed that the reported vulnerabilities are actively being exploited by malicious actors. Regulatory body or a government agency has issued a patching mandate for all software components affected by the identified vulnerabilities.
How to resolve the issueโ
- We strongly advise updating the component to the latest version.
- If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total amount of packages analyzed:
- RubyGems: 174K
- Nuget: 189K
- PyPi: 403K
- NPM: 2.1M
Recommended readingโ
- Vulnerability Patching: How to Prioritize and Apply Patches (External resource - eSecurity Planet)
- Understanding vulnerabilities (External resource - National Cyber Security Centre)