โŒ Pipeline BLOCKED โ€” findings detected

5 SAST findings  ยท  0 secret(s)  ยท  12 CVEs  ยท  0 IaC finding(s)  ยท  2 detected by custom rules

Summary

🔍 Semgrep Findings: 5 (3 errors, 2 warnings)
🔑 Secrets Detected: 0 (secret values redacted)
📦 CVEs Detected: 12 (2 critical, 10 high)
🏗️ IaC Findings: 0 (0 critical, 0 high)

Charts (not reproduced in this extract): CVE Severity Distribution (Trivy); OWASP Top 10 Coverage (Semgrep); Custom vs Default Rules
๐Ÿ” SAST Findings (Semgrep)
RuleFileLine SeverityOWASPMessage
sql-injection-db-cursor-executedefault app.py 11 WARNING A03:2021 - Injection User-controlled data from a request is passed to 'execute()'. This could lead to a SQL injection and therefore protected
tainted-sql-stringdefault app.py 14 ERROR A01:2017 - Injection Detected user input used to manually construct a SQL string. This is usually bad practice because manual construction co
flask-open-redirect-request-paramcustom app.py 25 ERROR A01:2021 - Broken Access Control Open redirect: the redirect() target is derived directly from a user-controlled request parameter without validation. An
debug-enableddefault app.py 33 WARNING A06:2017 - Security Misconfiguratio Detected Flask app with debug=True. Do not deploy to production with this flag enabled as it will leak sensitive informa
flask-debug-mode-enabledcustom app.py 33 ERROR A03:2021 - Injection Security misconfiguration: Flask debug mode is enabled. This activates the Werkzeug interactive debugger which allows an
🔑 Secret Scanning (Gitleaks)

Rule | File | Line | Commit | Secret
No secrets detected
📦 CVEs (Trivy)

CVE | Package | Installed | Fixed In | Severity | Title
CVE-2022-22817 | Pillow | 8.3.0 | 9.0.1 | CRITICAL | python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
CVE-2023-50447 | Pillow | 8.3.0 | 10.2.0 | CRITICAL | pillow: Arbitrary Code Execution via the environment parameter
CVE-2023-30861 | Flask | 1.1.2 | 2.3.2, 2.2.5 | HIGH | flask: Possible disclosure of permanent session cookie due to missing Vary: Cook...
CVE-2021-23437 | Pillow | 8.3.0 | 8.3.2 | HIGH | python-pillow: possible ReDoS via the getrgb function
CVE-2022-24303 | Pillow | 8.3.0 | 9.0.1 | HIGH | python-pillow: temporary directory with a space character allows removal of unre...
CVE-2022-45198 | Pillow | 8.3.0 | 9.2.0 | HIGH | Pillow before 9.2.0 performs Improper Handling of Highly Compressed GI...
CVE-2023-44271 | Pillow | 8.3.0 | 10.0.0 | HIGH | python-pillow: uncontrolled resource consumption when textlength in an ImageDraw ...
CVE-2023-4863 | Pillow | 8.3.0 | 10.0.1 | HIGH | libwebp: Heap buffer overflow in WebP Codec
CVE-2024-28219 | Pillow | 8.3.0 | 10.3.0 | HIGH | python-pillow: buffer overflow in _imagingcms.c
CVE-2023-25577 | Werkzeug | 1.0.1 | 2.2.3 | HIGH | python-werkzeug: high resource usage when parsing multipart form data with many ...
CVE-2024-34069 | Werkzeug | 1.0.1 | 3.0.3 | HIGH | python-werkzeug: user may execute code on a developer's machine
CVE-2018-18074 | requests | 2.18.0 | 2.20.0 | HIGH | python-requests: Redirect from HTTPS to HTTP does not remove Authorization heade...
๐Ÿ—๏ธ IaC Security Findings (tfsec)

Infrastructure-as-code security findings from Terraform source analysis. Findings should be reviewed to distinguish genuine misconfigurations from intentional design decisions and false positives.

Rule | Resource | Severity | Description | Resolution
No IaC findings detected