SYM_JSTS_0136 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Deserialization of Untrusted Data
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-502: Deserialization of Untrusted Data |
| OWASP | A08:2017 - Insecure Deserialization |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code establishes a gRPC connection using `createInsecure()`, which creates a plaintext channel with no TLS, so data is sent without encryption. This exposes all transmitted information to anyone with access to the network path between client and server.
Impact
An attacker could intercept, read, or modify gRPC messages in transit, potentially leading to data leaks, manipulation of requests or responses, and unauthorized access to sensitive operations. This can compromise both user data and the security of your application.
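Example
The following is an added example, not code from this wiki or from any scanned project. It shows one way to keep `createInsecure()` away from remote peers: TLS credentials are the default, and plaintext is granted only on explicit request for a loopback target. It assumes the `@grpc/grpc-js` module is passed in as `grpc`; `pickChannelCredentials`, `hostOf`, the option names, `Client` and the host `api.example.internal` are hypothetical.

```javascript
// Added example. `grpc` is the @grpc/grpc-js module, passed in by the caller.
// pickChannelCredentials, hostOf and the option names are hypothetical.
//
// Pattern the rule flags:
//   new Client('api.example.internal:443', grpc.credentials.createInsecure());

const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '::1']);

// Extract the host from "host:port", "[v6]:port" or "dns:///host:port".
function hostOf(target) {
  const authority = String(target).replace(/^dns:(\/\/[^/]*\/)?/, '');
  const m = /^\[([^\]]+)\]|^([^:]+)/.exec(authority);
  return m ? (m[1] || m[2]).toLowerCase() : '';
}

// TLS is the default. Plaintext must be requested explicitly and is granted
// only when the target is a loopback address (assumed policy: local dev only).
function pickChannelCredentials(grpc, target, opts = {}) {
  const { rootCertsPem = null, allowPlaintextLoopback = false } = opts;
  if (allowPlaintextLoopback && LOOPBACK_HOSTS.has(hostOf(target))) {
    return grpc.credentials.createInsecure();
  }
  // createSsl(null) verifies the server against the default trusted roots;
  // pass a PEM bundle to trust a private CA instead.
  const roots = rootCertsPem ? Buffer.from(rootCertsPem) : null;
  return grpc.credentials.createSsl(roots);
}

// Usage with the real module (Client is a hypothetical generated stub):
//   const grpc = require('@grpc/grpc-js');
//   const creds = pickChannelCredentials(grpc, 'api.example.internal:443');
//   const client = new Client('api.example.internal:443', creds);
```

With this helper, a call site that asks for plaintext against a non-loopback target still receives TLS credentials, so a misconfigured flag cannot silently downgrade a production channel.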