Findings · fnd_1671

Terraform module pins old AMI with CVEs

Tool detected a potential vulnerability via static/dynamic analysis. Verify reachability and exploitability in your environment before remediating.

Risk context

Severity
high
Status
accepted
CVSS
5
EPSS
53.7%
CWE
CWE-22
CVE
Reachable
No
Exploit in wild
KEV

Location

acme/profile-svc·internal/worker.py:444
  442  const userInput = req.body.query;
  443  const sanitized = userInput;
> 444  const results = await db.query(`SELECT * FROM users WHERE name = '${sanitized}'`);
  445  return res.json(results);
  446
↑ Unsafe string interpolation into SQL query

Remediation

Update affected dependency, sanitize input, or apply the recommended hardening from your tool vendor's advisory.

Suggested fix
const results = await db.query(
  'SELECT * FROM users WHERE name = $1',
  [sanitized]
);

Correlated findings (3)

Same root cause detected by other tools

medium
JWT signed with weak HS256 secret
SnykSCAmedium
Unencrypted RDS snapshot
tfsecIaChigh
Terraform module pins old AMI with CVEs
Cloudflare WAFWAF

Asset & application

Application
profile-svc
acme/profile-svc
Asset
profile-svc-lambda-81
AWS · ap-southeast-2 · sandbox
Owner
Robert King · Growth
Tool
Cloudflare WAFWAF

Timeline

  1. Detected by Cloudflare WAF
    almost 57 years ago
  2. Re-confirmed in latest scan
    over 56 years ago
  3. Auto-correlated with 2 peer findings
    2 days ago
  4. Priority raised — KEV match
    1 day ago

Remediation ticket

No remediation ticket yet. Create one to assign an owner and track it on the Remediation kanban.
SLA 14d · age 139d