Issue Types (Node.js)

RIPS scans your Node.js (JavaScript) code for security flaws and classifies each finding either as an exploitable security vulnerability or as a security-related code quality issue. Every issue type carries a severity and, where a mapping exists, a CWE identifier together with the corresponding OWASP Top 10 category (2010, 2013 and 2017 editions), SANS Top 25 position, PCI DSS requirement and ASVS 3.0.1 control. An empty cell in the tables below means the issue type has no mapping in that scheme.

Exploitable Security Issues (51)

| Name | Severity | CWE | OWASP Top 10 (2010) | OWASP Top 10 (2013) | OWASP Top 10 (2017) | SANS 25 | PCI DSS | ASVS 3.0.1 |
|---|---|---|---|---|---|---|---|---|
| Command Injection | Critical | 78 | A1 | A1 | A1 | 2 | 6.5.1 | 5.12 |
| Code Injection | Critical | 95 | A1 | A1 | A1 | 18 | 6.5.1 | 16.4 |
| Code Injection (eval modifier) | Critical | 624 | A1 | A1 | A1 | 18 | 6.5.1 | 16.4 |
| SQL Injection | Critical | 89 | A1 | A1 | A1 | 1 | 6.5.1 | 5.10 |
| File Inclusion | High | 98 | A4 | A4 | A5 | 13 | 6.5.8 | 5.13 |
| LDAP Injection | High | 90 | A1 | A1 | A1 | | 6.5.1 | |
| Path Traversal | High | 22 | A4 | A4 | A5 | 13 | 6.5.8 | 9.5 |
| Authorization Bypass Through User-Controlled Key | High | 639 | A4 | A4 | A5 | 15 | 6.5.8 | |
| Denial of Service (regex) | High | 400 | | | | | | |
| Denial of Service | High | 730 | A1 | A5 | A1 | | 6.5.5 | |
| XSLT Injection | Medium | 494 | A1 | A1 | A1 | 9 | 6.5.1 | 5.14 |
| XQuery Injection | Medium | 652 | A1 | A1 | A1 | | 6.5.1 | 5.14 |
| XPath Injection | Medium | 643 | A1 | A1 | A1 | | 6.5.1 | 5.14 |
| XML/XXE Injection | Medium | 91 | A1 | A1 | A4 | | 6.5.1 | 5.14 |
| File Manipulation | Medium | 732 | A4 | A4 | A5 | 17 | 6.5.8 | 9.5 |
| File Create | Medium | 73 | A4 | A4 | A5 | 13 | 6.5.8 | 16.2 |
| File Upload | Medium | 434 | | A5 | A5 | 9 | 6.5.8 | |
| NoSQL Injection | Medium | 94 | A1 | A1 | A1 | | 6.5.1 | |
| File Write | Medium | 96 | A4 | A1 | A1 | 10 | 6.5.8 | 16.2 |
| Cross-Site Scripting | Medium | 79 | A2 | A3 | A7 | 4 | 6.5.7 | 5.15 |
| MongoDB Injection | Medium | 94 | A1 | A1 | A1 | | 6.5.1 | |
| Open Redirect | Medium | 601 | A10 | A10 | A2 | 22 | 6.5.8 | 16.1 |
| Session Fixation | Medium | 384 | A3 | A2 | A2 | | 6.5.10 | 3.1 |
| HTTP Response Splitting | Low | 113 | A10 | A10 | A1 | | | 3.1 |
| Server-Side Request Forgery | Low | 918 | A8 | A10 | A2 | | 6.5.1 | 16.1 |
| Weak Cryptography (insufficient key size) | Low | 326 | A6 | A5 | A6 | | 6.5.3 | 7.8 |
| Weak Cryptography (user-controlled parameter) | Low | 327 | A7 | | | | 6.5.3 | 7.11 |
| Resource Injection | Low | 93 | A9 | A4 | A5 | 16 | 6.5.1 | |
| Resource Injection (mail) | Low | 93 | A9 | A4 | A5 | 16 | 6.5.1 | |
| Library Injection | Low | 114 | A1 | A5 | A1 | 11 | | |
| Resource Injection (FTP) | Low | 93 | A9 | A4 | A5 | 16 | 6.5.1 | |
| Connection String Injection (FTP) | Low | 99 | A3 | A5 | A2 | 16 | 6.5.4 | |
| Connection String Injection | Low | 99 | A3 | A5 | A2 | 16 | 6.5.4 | |
| Log Forging | Low | 117 | A4 | A4 | A10 | | | 8.8 |
| Weak Password | Low | | A6 | A5 | A6 | | | |
| Disabled Validation | Low | | A6 | A5 | A6 | | | |
| Hardcoded Parameter | Low | | A6 | A5 | A6 | | | |
| Cookie Misconfiguration | Low | 494 | A6 | A5 | A6 | | 6.5.10 | 3.12 |
| Cookie Misconfiguration (expiry) | Low | 539 | A6 | A5 | A6 | | 6.5.10 | 3.4 |
| Cookie Misconfiguration (secure flag) | Low | 614 | A6 | A5 | A6 | | 6.5.10 | |
| Cookie Misconfiguration (path) | Low | 287 | A6 | A5 | A6 | | 6.5.10 | |
| Connection String Injection (DBMS) | Low | 99 | A3 | A5 | A2 | 16 | 6.5.4 | |
| Cookie Misconfiguration (httpOnly flag) | Low | 200 | A6 | A5 | A6 | | 6.5.10 | |
| Weak HTTP Header | Low | 644 | | A5 | | | 6.5.4 | |
| HTTP Parameter Pollution | Low | 233 | A10 | A10 | A2 | | 6.5.4 | 5.17 |
| Cookie Misconfiguration (domain) | Low | 287 | A6 | A5 | A6 | | 6.5.10 | |
| Weak Cryptography (broken algorithm) | Low | 327 | A9 | A6 | A3 | 19 | 6.5.3 | 7.8 |
| Directory Listing | Low | 548 | A4 | A4 | A5 | 13 | 6.5.8 | 4.5 |
| Weak Cryptography (low entropy) | Low | 330 | A9 | A6 | A3 | | 6.5.3 | 7.15 |
| Format String Information Leakage | Low | 134 | | A6 | | | 6.5.5 | |
| MIME Sniffing Not Disabled | Low | 693 | A6 | A5 | A6 | | 6.5.4 | 11.6 |

Code Quality Issues (11)

| Name | Severity | CWE | OWASP Top 10 (2010) | OWASP Top 10 (2013) | OWASP Top 10 (2017) | SANS 25 | PCI DSS | ASVS 3.0.1 |
|---|---|---|---|---|---|---|---|---|
| Hard-coded Password | Low | 259 | | | | | | |
| Information Leakage | Low | 209 | A6 | A6 | A6 | | 6.5.5 | 8.1 |
| Information Leakage (system) | Low | 214 | A6 | A6 | A6 | | 6.5.5 | 8.1 |
| Trust Boundary Violation | Low | 501 | | | | | | |
| Dangerous Feature | Low | 242 | | | | | | |
| Weak Hash Function | Low | 328 | A7 | | | | | |
| Dynamic SQL Query | Low | 89 | | | | | | |
| Deprecated Feature | Low | 477 | | | | | | |
| Leftover Debug Code | Low | 489 | | | | | | |
| Suspicious Comment | Low | 546 | | | | | | |
| Parse error | Low | | | | | | | |
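
Returning to the exploitable table: its five Cookie Misconfiguration rows (expiry, secure flag, path, domain, httpOnly flag) are easiest to understand by building a session cookie that avoids all of them and a checker that names the ones an arbitrary `Set-Cookie` value exhibits. The block below is an added example, not RIPS code; the rules it applies are this example's reading of the row names and not RIPS's own detection logic, and `serializeSessionCookie` and `cookieMisconfigurations` are names introduced here.

```javascript
// Added example, not RIPS code: a Set-Cookie serializer whose defaults avoid the
// five Cookie Misconfiguration variants in the exploitable table, and a checker
// that reports which variants a given Set-Cookie value exhibits. The rules are
// this example's reading of the row names, not RIPS's detection logic.
'use strict';

const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 6265 cookie-name token

// Builds a session cookie. Only name and value are required; every default
// below is the safe choice, so callers have to opt out explicitly.
function serializeSessionCookie(name, value, opts = {}) {
  if (!TOKEN_RE.test(name)) throw new Error('invalid cookie name');
  if (/[\s;,"\\]/.test(value)) throw new Error('invalid cookie value');
  const o = {
    path: '/',        // explicit Path; without it the browser derives one from the request URL
    maxAge: 3600,     // lifetime in seconds, instead of a far-future Expires
    domain: null,     // no Domain attribute: host-only, not shared with subdomains
    secure: true,     // only sent over HTTPS
    httpOnly: true,   // not exposed to document.cookie, which blunts XSS session theft
    sameSite: 'Lax',  // CSRF mitigation; use 'Strict' where the application allows it
    ...opts,
  };
  const parts = [`${name}=${value}`, `Path=${o.path}`, `Max-Age=${o.maxAge}`];
  if (o.domain) parts.push(`Domain=${o.domain}`);
  if (o.secure) parts.push('Secure');
  if (o.httpOnly) parts.push('HttpOnly');
  if (o.sameSite) parts.push(`SameSite=${o.sameSite}`);
  return parts.join('; ');
}

// Parses one Set-Cookie header value and returns the misconfiguration variants
// it exhibits, labelled as in the table. An empty array means it passes.
function cookieMisconfigurations(setCookie, { maxLifetimeSeconds = 86400 } = {}) {
  const [, ...attrs] = setCookie.split(';').map((s) => s.trim());
  const attr = new Map();
  for (const a of attrs) {
    const eq = a.indexOf('=');
    const key = (eq === -1 ? a : a.slice(0, eq)).toLowerCase();
    attr.set(key, eq === -1 ? '' : a.slice(eq + 1));
  }
  const issues = [];
  if (!attr.has('secure')) issues.push('secure flag');
  if (!attr.has('httponly')) issues.push('httpOnly flag');
  if (!attr.has('path')) issues.push('path');      // default-path depends on the request URL
  if (attr.has('domain')) issues.push('domain');   // explicit Domain widens scope to all subdomains
  let lifetime = null;                             // seconds; null means a session cookie
  if (attr.has('max-age')) lifetime = Number(attr.get('max-age'));
  else if (attr.has('expires')) lifetime = (Date.parse(attr.get('expires')) - Date.now()) / 1000;
  if (lifetime !== null && lifetime > maxLifetimeSeconds) issues.push('expiry');
  return issues;
}

module.exports = { serializeSessionCookie, cookieMisconfigurations };
```

A cookie that is `Secure`, has `Path=/` and carries no `Domain` attribute also qualifies for the `__Host-` name prefix, which makes browsers enforce those three conditions themselves; naming the session cookie `__Host-sid` is therefore a cheap way to keep later changes from reintroducing the path and domain variants.
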