JavaScript Security Rules
Reshift Scans your custom JavaScript code for security bugs, below are the security issues Reshift detects.
Security Issue
Severity
CWE
OWASP Top 10
PCI DSS
Command Injection
Critical
78
A1
6.5.1
Indirect Command Injection
Critical
78
A1
6.5.1
Shell Command Injection
Critical
78
A1
6.5.1
SQL Injection
Critical
89
A1
6.5.1
NoSQL Injection
Critical
89
A1
6.5.1
Insecure Code Execution
Critical
94
A1
Insecure Code Execution (Dynamic Method)
Critical
94
A1
Insecure Access to File System
High
22
A5
ZipSlip
High
22
A5
Cross-Site Scripting
High
79
A7
Cross-Site Scripting (Stored)
High
79
A7
Cross-Site Scripting (DOM)
High
79
A7
Potential Backdoor
High
Prototype Pollution
High
400
A1
Prototype Pollution Utility
High
400
A1
Remote Prototype Pollution
High
400
A1
Insecure Deserialization
High
502
A8
XML External Entity Injection
High
611
A4
XML Entity Expansion
High
776
A4
XPath Injection
High
643
A1
6.5.1
Unvalidated Dynamic Method Call
High
754
A1
Sensitive Data Leakage
High
798
A3
6.5.1
Insecure File upload
Hight
912
A6
Insecure Input Validation (URL Scheme)
Moderate
20
Insecure Input Validation (URL Substring)
Moderate
20
Insecure Comparison Check
Moderate
20
Insecure Regex Expression (Anchor)
Moderate
20
Insecure Regex Expression (Character Escape)
Moderate
20
Insecure Input Validation (Incomplete Hostname)
Moderate
20
A5
Command Injection (Use of Cat)
Moderate
78
A1
6.5.1
Cross-Site Scripting (Exception)
Moderate
79
A7
Cross-Site Scripting (Reflected)
Moderate
79
A7
Cross-Site Scripting (DOM)
Moderate
79
A7
Insecure Encoding
Moderate
116
A7
Insecure Input Sanitization
Moderate
116
Insecure Format String
Moderate
134
Sensitive Data Exposure
Moderate
209
A3
Sensitive Data Exposure (Post Message)
Moderate
201
A3
Insecure Logging
Moderate
312
A10
6.5.1
Password in Configuration File
Moderate
313
A6
Insecure Cryptographic Algorithm
Moderate
327
A3
Insecure Random Number Generation
Moderate
338
A3
CORS Misconfiguration
Moderate
346
A6
Cross-Site Request Forgery
Moderate
352
Missing X-Frame Options
Moderate
451
Password in Configuration File
Moderate
506
A6
Client-side URL Redirection
Moderate
601
Server-side URL Redirection
Moderate
601
A2
Host Header Poisoning
Moderate
640
Insecure Regex Expression (Injection)
Moderate
730
A1
Missing Rate Limit
Moderate
770
Security Control Bypass
Moderate
807
A5
Parameter Tampering
Moderate
843
A5
Denial of Service (Infinite Loop)
Moderate
834
Insecure Hashing Algorithm
Moderate
916
A3
Server-Side Request Forgery
Moderate
918
A2
Last modified 7mo ago
Copy link