# Using Components with Known Vulnerabilities (CWE-1035)

The product relies on components that have known security vulnerabilities.

- Prevalence: 高 无 Shoulder 规则
- Impact: 中 OWASP Top 10 #6
- Prevention: 查看 MITRE 外部参考

**OWASP:** Vulnerable and Outdated Components (A06:2021-Vulnerable and Outdated Components) - #6

## Description

Using outdated or vulnerable components exposes the application to known exploits. Attackers often target known vulnerabilities in popular libraries and frameworks.

## Prevention

## Consequences

- 执行未授权代码
- 读取应用程序数据
- 修改应用程序数据
- 拒绝服务 (DoS)

## Mitigations

- 定期将所有依赖更新到已打补丁的版本
- 关注所使用组件的安全公告
- 使用自动化的依赖扫描工具