SQ31102
Detected presence of actively exploited vulnerabilities.
priority | CI/CD status | severity | effort | RL level | RL assessment |
---|---|---|---|---|---|
fail | high | high | 4 | vulnerabilities: fail Reason: actively exploited vulnerabilities |
About the issueโ
Software composition analysis has identified a component with one or more known vulnerabilities. Available threat intelligence telemetry has confirmed that the reported vulnerabilities are actively being exploited by malicious actors.
How to resolve the issueโ
- We strongly advise updating the component to the latest version.
- If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total amount of packages analyzed:
- RubyGems: 174K
- Nuget: 189K
- PyPi: 403K
- NPM: 2.1M
Recommended readingโ
- Understanding vulnerabilities (External resource - National Cyber Security Centre)
- Reducing the Significant Risk of Known Exploited Vulnerabilities (External resource - Cybersecurity & Infrastructure Security Agency)