dashboard icon indicating copy to clipboard operation
dashboard copied to clipboard
verified publisher icon serverless

CWE-319 - Insecure connection using unencrypted protocol

Open keironlowe-edriving opened this issue 1 year ago • 0 comments

Hello, I'm not sure if this it the correct repo, so please let me know if it's not and I'll open in the correct one. We're seeing the following vulnerability in AWS Inspector for our Serverless deployed Lambdas...

CWE-319 - Insecure connection using unencrypted protocol

Connections that use insecure protocols transmit data in cleartext. This introduces a risk of exposing sensitive data to third parties.

sls-sdk-node/wrapper.js

The http.Agent() function configures connections to transmit data in clear text. We recommend that you use https.Agent() instead to transfer data in an encrypted form.

keironlowe-edriving avatar Oct 09 '24 10:10 keironlowe-edriving