SQ31103
Detected presence of malware-exploited vulnerabilities.
priority | CI/CD status | severity | effort | RL level | RL assessment |
---|---|---|---|---|---|
fail | high | high | 3 | vulnerabilities: fail Reason: malware exploited vulnerabilities |
About the issueโ
Software composition analysis has identified a component with one or more known vulnerabilities. Available threat intelligence telemetry has confirmed that the reported vulnerabilities are actively being exploited by malicious actors. Malware code that propagates through these vulnerabilities has been created. This increases the chance of automated malware attacks affecting the software component users.
How to resolve the issueโ
- We strongly advise updating the component to the latest version.
- If the update can't resolve the issue, create a plan to isolate or replace the affected component.
Incidence statisticsโ
ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes.
For every repository, the chart shows the percentage of projects that triggered the software assurance policy. In other words, it shows how many projects were found to have the specific issue described on this page.
The percentages are calculated from the total amount of packages analyzed:
- RubyGems: 174K
- Nuget: 189K
- PyPi: 403K
- NPM: 2.1M
Recommended readingโ
- Understanding vulnerabilities (External resource - National Cyber Security Centre)
- 9 Common Types of Malware (And How To Prevent Them) (External resource - Purplesec)
- Exploits (External resource - Malwarebytes)