448 – Use of software with malware
Description
One or more dependencies used in the project contains code or components suspected of being compromised by malware or malicious behavior.
Impact
- Unauthorized access and complete control of the application infrastructure. - Disruption of critical services and loss of availability. - Possible spread of malware to other applications, servers or networks, increasing the magnitude of the attack.
Recommendation
- Review the origin and integrity of affected dependencies. - Upgrade to secure versions or alternatives without known risks. - Perform security audits and code analysis for vulnerabilities. - Perform additional testing to verify that there are no compromises in the production environment.
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: N
- Attack complexity: H
- Attack Requirements: N
- Privileges required: L
- User interaction: N
- Confidentiality (VC): H
- Integrity (VI): H
- Availability (VA): H
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: A