YAML安全漏洞
Shoulder检测到20个特定于使用YAML构建的YAML应用程序的安全模式。
框架覆盖
漏洞类别
CWE-250
8 规则
Execution with Unnecessary Privileges
3 critical
CWE-319
2 规则
Cleartext Transmission of Sensitive Information
CWE-668
2 规则
Exposure of Resource to Wrong Sphere
1 critical
CWE-732
2 规则
Incorrect Permission Assignment for Critical Resource
CWE-1188
2 规则
Insecure Default Initialization of Resource
CWE-284
1 规则
Improper Access Control
CWE-400
1 规则
Uncontrolled Resource Consumption
CWE-798
1 规则
Use of Hard-coded Credentials
1 critical
CWE-829
1 规则
Inclusion of Functionality from Untrusted Control Sphere