SYM_PY_0074 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-319: Cleartext Transmission of Sensitive Information |
OWASP | A03:2017 - Sensitive Data Exposure |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The code uses urllib.request.urlretrieve() to download files over an unencrypted HTTP connection. HTTP provides neither confidentiality nor integrity protection, so anyone on the network path can read the transferred data (eavesdropping) or alter it in transit (tampering).
Impact
Attackers could intercept or modify files downloaded by your application, potentially injecting malicious code or stealing sensitive information. Users and systems relying on the downloaded content may be put at risk, and organizational data integrity can be compromised.
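A hardened replacement for the flagged urlretrieve() call, as an added example that is not part of the wiki or the rule itself. It goes slightly beyond the description by also pinning a SHA-256 digest; the names `require_https`, `fetch_verified`, `fake_opener`, `InsecureDownloadError` and the `downloads.example.test` host are assumptions made for illustration.

```python
import hashlib
import io
import ssl
import urllib.request
import urllib.response
from urllib.parse import urlsplit


class InsecureDownloadError(ValueError):
    """The URL is not HTTPS, or the content failed its integrity check."""


def require_https(url):
    # urllib also accepts http:, ftp: and file: URLs, so check the scheme first.
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise InsecureDownloadError(f"refusing non-HTTPS URL: {url!r}")
    return url


def fetch_verified(url, dest, expected_sha256, opener=urllib.request.urlopen):
    """Download over TLS; write dest only if SHA-256 matches (opener: test hook)."""
    require_https(url)
    ctx = ssl.create_default_context()  # certificate + hostname checks enabled
    with opener(url, context=ctx, timeout=30) as resp:
        # urllib follows redirects, including https -> http; discard the
        # body if the final URL is no longer HTTPS.
        require_https(resp.geturl())
        body = resp.read()
    actual = hashlib.sha256(body).hexdigest()
    if actual != expected_sha256.lower():
        raise InsecureDownloadError(f"digest mismatch: got {actual}")
    with open(dest, "wb") as fh:
        fh.write(body)
    return actual


def fake_opener(final_url, body):
    """Constructed stand-in for urlopen() so the demo runs offline."""
    def _open(url, **kwargs):
        return urllib.response.addinfourl(io.BytesIO(body), {}, final_url)
    return _open


if __name__ == "__main__":
    import os, tempfile
    body, url = b"constructed sample payload\n", "https://downloads.example.test/pkg.bin"
    dest = os.path.join(tempfile.mkdtemp(), "pkg.bin")
    print(fetch_verified(url, dest, hashlib.sha256(body).hexdigest(), fake_opener(url, body)))
```

In real use, call `fetch_verified(url, dest, pinned_digest)` with the default opener; the pinned digest must come from a trusted source rather than from the same download location.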