SYM_JSTS_0178 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code makes requests to external sites over plain HTTP, without encryption, using popular Node.js libraries (such as axios, got, or node-rest-client). Data sent over plain HTTP is not protected in transit, so sensitive information can be easily intercepted by attackers.
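One way to stop such requests before they leave the process, shown as an added example that is not part of the Symbiotic rule or of any of the libraries named above: a guard that resolves each outbound URL and rejects plain HTTP to anything but loopback. The function names, the loopback allowance and the `example.com` URLs are assumptions made for illustration.

```javascript
// Added example: names and sample URLs are constructed, not taken from the rule.

// Hosts where plain HTTP never leaves the machine (assumption: local dev/test only).
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Resolve the request target the way an HTTP client does: a relative path is
// joined to baseURL, while an absolute url replaces baseURL entirely.
// The WHATWG URL parser lowercases the scheme and host, so "HTTP://" is caught.
function resolveTarget(url, baseURL) {
  return baseURL ? new URL(url, baseURL) : new URL(url);
}

// Return the resolved href if the request is encrypted (or loopback-only),
// otherwise throw before any credentials or tokens are put on the wire.
function assertEncrypted(url, baseURL) {
  const target = resolveTarget(url, baseURL);
  if (target.protocol === 'https:') return target.href;
  if (target.protocol === 'http:' && LOOPBACK_HOSTS.has(target.hostname)) {
    return target.href;
  }
  throw new Error(
    `refusing cleartext request to ${target.hostname} (${target.protocol})`
  );
}

// Shaped like an axios request interceptor: takes the request config, which
// carries `url` and optionally `baseURL`, and returns it unchanged if allowed.
// Registration would be: axios.interceptors.request.use(httpsOnlyInterceptor)
function httpsOnlyInterceptor(config) {
  assertEncrypted(config.url, config.baseURL);
  return config;
}

// Flagged pattern (cleartext):  { url: 'http://api.example.com/v1/login' }
// Corrected form (TLS):         { url: 'https://api.example.com/v1/login' }
```

An `https://` base URL does not protect a call that passes an absolute `http://` URL, which is why the guard checks the resolved target rather than the base alone.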
Impact
If exploited, attackers can eavesdrop on unencrypted network traffic, stealing credentials, session tokens, or other sensitive data. This can lead to account compromise, data breaches, and loss of user trust in your application.