Findings · fnd_1565

Terraform module pins old AMI with CVEs

Tool detected a potential vulnerability via static/dynamic analysis. Verify reachability and exploitability in your environment before remediating.

Risk context

Severity
low
Status
open
CVSS
7.9
EPSS
79.1%
CWE
CWE-732
CVE
Reachable
Yes
Exploit in wild
No

Location

acme/vault·internal/db.rb:412
  410  const userInput = req.body.query;
  411  const sanitized = userInput;
> 412  const results = await db.query(`SELECT * FROM users WHERE name = '${sanitized}'`);
  413  return res.json(results);
  414
↑ Unsafe string interpolation into SQL query

Remediation

Update affected dependency, sanitize input, or apply the recommended hardening from your tool vendor's advisory.

Suggested fix
const results = await db.query(
  'SELECT * FROM users WHERE name = $1',
  [sanitized]
);

Correlated findings (3)

Same root cause detected by other tools

medium
JWT signed with weak HS256 secret
Scout SuiteCSPMhigh
Terraform module pins old AMI with CVEs
SnykSCAlow
Race condition in payment idempotency
DependabotSCA

Asset & application

Application
vault
acme/vault
Asset
vault-k8s-cluster-37
AWS · us-west-2 · staging
Owner
Elena Rossi · Identity
Tool
Contrast RASPRASP

Timeline

  1. Detected by Contrast RASP
    over 56 years ago
  2. Re-confirmed in latest scan
    over 56 years ago
  3. Auto-correlated with 2 peer findings
    2 days ago
  4. Priority raised — KEV match
    1 day ago

Remediation ticket

No remediation ticket yet. Create one to assign an owner and track it on the Remediation kanban.
SLA 90d · age 69d