Elixir Fixes

• 100 – Server-side Request Forgery (SSRF)
• 102 – Email Uniqueness Not Properly Verified
• 106 – NoSQL Injection
• 107 – LDAP Injection
• 108 – Improper Control of Interaction Frequency
• 113 – Improper Type Assignation
• 115 – Security Controls Bypass or Absence
• 119 – Metadata with Sensitive Information
• 120 – Improper Dependency Pinning
• 121 – HTTP Parameter Pollution
• 122 – Email Flooding
• 123 – Local File Inclusion
• 124 – Race Condition
• 125 – Directory Listing
• 127 – Lack of data validation - Type confusion
• 128 – Insecurely generated cookies - HttpOnly
• 129 – Insecurely generated cookies - SameSite
• 130 – Insecurely generated cookies - Secure
• 131 – Insecure or unset HTTP headers - Strict Transport Security
• 132 – Insecure or unset HTTP headers - X-Content-Type-Options
• 134 – Insecure or unset HTTP headers - CORS
• 135 – Insecure or unset HTTP headers - X-XSS Protection
• 136 – Insecure or unset HTTP headers - Cache Control
• 137 – Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies
• 141 – Lack of Data Validation - URL
• 142 – Sensitive information in source code - API Key
• 145 – Inappropriate coding practices - Cyclomatic complexity
• 146 – SQL Injection
• 148 – Use of Insecure Channel - FTP in Applications
• 149 – Use of Insecure SMTP Channel
• 152 – Insecure or unset HTTP headers - X-Frame Options
• 153 – Insecure or unset HTTP headers - Accept
• 154 – Time-based SQL Injection
• 155 – SQL Injection via Headers
• 156 – Uncontrolled External Site Redirect
• 159 – Excessive Privileges in Applications
• 160 – Excessive Privileges in Temporary Files in Applications
• 183 – Debugging Enabled in Production
• 184 – Lack of Data Validation
• 185 – Lack of data validation - Header x-amzn-RequestId
• 186 – Lack of data validation - Web Service
• 187 – Lack of data validation - Source Code
• 189 – Lack of data validation - Content Spoofing
• 190 – Lack of data validation - Session Cookie
• 191 – Lack of data validation - Responses
• 192 – Lack of Data Validation - Reflected Parameters
• 193 – Lack of Data Validation - Host Header Injection
• 194 – Lack of Data Validation - Input Length
• 195 – Lack of Data Validation - Headers
• 196 – Lack of Data Validation - Dates
• 197 – Lack of Data Validation - Numbers
• 198 – Lack of Data Validation - Out of Range
• 199 – Lack of Data Validation - Emails
• 200 – Traceability Loss
• 201 – Unauthorized access to files
• 204 – Insufficient data authenticity validation
• 211 – Asymmetric Denial of Service - ReDoS
• 213 – Business Information Leak - JWT
• 214 – Business Information Leak - Credentials
• 217 – Business Information Leak - Credit Cards
• 220 – Business Information Leak - Token
• 221 – Business Information Leak - Users
• 222 – Business Information Leak - DB
• 226 – Business Information Leak - Personal Information
• 228 – Business Information Leak - Analytics
• 231 – Message Flooding
• 235 – Technical Information Leak - Headers
• 238 – Technical Information Leak - API
• 239 – Technical Information Leak - Errors
• 240 – Authentication Mechanism Absence or Evasion - OTP
• 245 – Non-encrypted Confidential Information - Credit Cards
• 246 – Non-encrypted Confidential Information - Database
• 248 – Non-encrypted Confidential Information - LDAP
• 249 – Non-encrypted Confidential Information - Credentials
• 254 – Automatic Information Enumeration - Credit Cards
• 261 – Insecure Encryption Algorithm - DSA
• 262 – Insecure Encryption Algorithm - SHA1
• 263 – Insecure Encryption Algorithm - MD5
• 264 – Insecure Encryption Algorithm - TripleDES
• 265 – Insecure Encryption Algorithm - AES
• 270 – Unauthorized File Creation
• 271 – Insecure functionality - Password management
• 272 – Insecure functionality - Masking
• 273 – Insecure functionality - Fingerprint
• 274 – Restricted Fields Manipulation
• 276 – Sensitive Information Sent Via URL Parameters - Session
• 280 – Session Fixation
• 282 – Insecure encryption algorithm - ECB
• 283 – Automatic information enumeration - Personal Information
• 284 – Non-encrypted confidential information - Base 64
• 286 – Insecure object reference - Personal information
• 287 – Insecure object reference - Corporate information
• 288 – Insecure Object Reference in Credit Card Inquiry
• 290 – Technical information leak - IPs
• 291 – Business information leak - Financial Information
• 295 – Insecure Session Management After Password Change
• 296 – Weak credential policy - Password Change Limit
• 297 – SQL Injection - Code
• 298 – Authentication Mechanism Absence or Evasion - Redirect
• 301 – Concurrent Sessions Control Bypass
• 302 – Insecure Functionality - Session Management
• 305 – Security Controls Bypass or Absence - Data Creation
• 306 – Insecure Object Reference - Files
• 307 – Insecure Object Reference - Data
• 309 – Insecurely Generated Token - JWT
• 317 – Improper Resource Allocation - Memory Leak
• 318 – Insecurely Generated Token - Validation
• 321 – Lack of data validation - HTML code
• 322 – Insecurely Generated Token - Lifespan
• 324 – Insecure Functionality - User Management
• 328 – Insecure Object Reference - Session Management
• 329 – Insecure or Unset HTTP Headers - Content-Type
• 330 – Lack of protection against brute force attacks - Credentials
• 332 – Use of insecure channel - Source code
• 337 – Insecure Session Management - CSRF Fixation
• 340 – Lack of data validation - Special Characters
• 341 – Lack of data validation - OTP
• 345 – Security Controls Bypass or Absence - Session Invalidation
• 353 – Lack of data validation - Token
• 354 – Insecure file upload - Files Limit
• 355 – Insufficient data authenticity validation - Checksum verification
• 362 – Technical information leak - Content response
• 363 – Weak credential policy - Password strength
• 364 – Weak credential policy - Temporary passwords
• 369 – Insecure object reference - User deletion
• 372 – Use of an insecure channel - HTTP
• 378 – Non-encrypted confidential information - Hexadecimal
• 383 – Insecurely generated token - OTP
• 395 – Insecure generation of random numbers - Static IV
• 397 – Insecure authentication method - LDAP
• 404 – OS Command Injection
• 417 – Account Takeover
• 420 – Password Reset Poisoning
• 421 – Insecure encryption algorithm - Insecure Elliptic Curve
• 094 – Insecure Encryption Algorithm - Cipher Block Chaining
• 093 – Hidden Fields Manipulation
• 092 – Insecure Encryption Algorithm - Anonymous Cipher Suites
• 080 – Business Information Leak - Customers or Providers
• 079 – Non-upgradable Dependencies
• 078 – Insecurely Generated Token
• 067 – Improper Resource Allocation
• 066 – Technical Information Leak - Console Functions
• 064 – Traceability Loss - Server's Clock
• 059 – Sensitive Information Stored in Logs
• 052 – Insecure Encryption Algorithm
• 051 – Cracked Weak Credentials
• 050 – Guessed Weak Credentials
• 042 – Insecurely Generated Cookies
• 041 – Enabled Default Credentials
• 039 – Improper Authorization Control for Web Services
• 038 – Business Information Leak
• 037 – Technical Information Leak
• 034 – Insecure Generation of Random Numbers
• 030 – Sensitive Information Sent Via URL Parameters
• 028 – Insecure Temporary Files
• 026 – User Enumeration Vulnerability
• 022 – Use of an Insecure Channel
• 020 – Non-encrypted Confidential Information
• 019 – Administrative Credentials Stored in Cache Memory
• 017 – Sensitive Information Sent Insecurely
• 016 – Insecure Encryption Algorithm - SSL/TLS
• 015 – Insecure Authentication Method - Basic
• 014 – Insecure Functionality
• 013 – Insecure Object Reference
• 011 – Use of Software with Known Vulnerabilities
• 009 – Sensitive Information in Source Code
• 006 – Authentication Mechanism Absence or Evasion Vulnerability
• 005 – Privilege Escalation Vulnerability
• 004 – Remote Command Execution Vulnerability
• 098 – External Control of File Name or Path
• 096 – Insecure Deserialization
• 095 – Data Uniqueness Not Properly Verified
• 090 – CSV injection
• 089 – Lack of data validation - Trust boundary violation
• 087 – Account Lockout
• 083 – XML injection (XXE)
• 076 – Insecure session management
• 068 – Insecure session expiration time
• 063 – Lack of data validation - Path Traversal
• 071 – Insecure or unset HTTP headers - Referrer-Policy
• 062 – Concurrent sessions
• 061 – Remote File Inclusion
• 057 – Asymmetric denial of service - Content length
• 044 – Insecure HTTP methods enabled
• 043 – Insecure or unset HTTP headers - Content-Security-Policy
• 033 – Password change without identity check
• 029 – Inadequate File Size Control
• 023 – Uncontrolled External Site Redirect - Host Header Injection
• 021 – XPath Injection Vulnerability
• 010 – Stored Cross-Site Scripting (XSS)
• 008 – Reflected Cross-Site Scripting (XSS)
• 007 – Cross-Site Request Forgery
• 003 – Symmetric Denial of Service
• 002 – Asymmetric Denial of Service
• 027 – Insecure File Upload
• 053 – Lack of Protection Against Brute Force Attacks
• 091 – Log Injection