Double Free

Property
Language: c
Severity: medium
CWE: CWE-415: Double Free
OWASP: A03:2021 - Injection
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

The code frees the same memory pointer more than once, which is known as a double free vulnerability. This happens when free() is called on a pointer that has already been freed, without resetting or reassigning it first.

Impact

Double free vulnerabilities can lead to program crashes, memory corruption, or allow attackers to execute arbitrary code. This may result in denial of service or potentially give an attacker control over your application, risking data theft or system compromise.

Duplicate aliases defined in different FROMs

Property
Language: terraform
Severity: critical
Vulnerability Type: omission

Description

Multiple FROM statements in a Dockerfile are using the same alias name, which is not allowed. This causes Docker to overwrite earlier build stages, leading to ambiguous or failed builds.

Impact

If exploited, build processes may break or produce unintended images, potentially introducing vulnerabilities, missing dependencies, or incorrect application binaries into production environments.

Resolution

Change the aliases so that each FROM statement uses a different one.

DynamoDB tables should use at rest encryption with a Customer Managed Key

Property
Language: terraform
Severity: low
Service: dynamodb
Provider: AWS

Description

DynamoDB tables are configured to use AWS-managed encryption keys instead of customer-managed KMS keys, limiting control over key management, rotation, and access policies. This reduces the ability to customize encryption practices to organizational security requirements.

Impact

Relying on AWS-managed keys restricts granular control over how table data is encrypted and who can access or rotate the keys. If compromised, sensitive data could be at greater risk due to less stringent or customizable key management, potentially leading to unauthorized data exposure or compliance issues.

EBS volume encryption should use Customer Managed Keys

Property
Language: terraform
Severity: low
Service: ec2
Provider: AWS

Description

EBS volumes are encrypted using default AWS-managed keys instead of customer-managed KMS keys. This limits control over encryption settings such as key rotation, policy management, and access permissions.

Impact

Relying on AWS-managed keys reduces the ability to enforce granular security controls and meet compliance requirements. If compromised, there is less visibility and flexibility in managing encryption keys, increasing the risk of unauthorized data access or regulatory violations.

EBS volumes must be encrypted

Property
Language: terraform
Severity: high
Service: ec2
Provider: AWS
Vulnerability Type: omission

Description

EBS volumes are being created without encryption enabled, meaning data stored on these volumes is not protected at rest. This exposes the underlying data, disk I/O, and any derived snapshots to potential unauthorized access if intercepted.

Impact

If EBS volumes remain unencrypted, sensitive data may be accessed by unauthorized parties through compromised storage, backups, or snapshots, leading to data breaches and potential regulatory violations.

ECR images tags shouldn’t be mutable.

Property
Language: terraform
Severity: high
Service: ecr
Provider: AWS
Vulnerability Type: omission

Description

ECR image tags are set to mutable, allowing existing image tags to be overwritten. This permits unauthorized or accidental replacement of container images associated with a given tag.

Impact

If exploited, attackers or insiders could replace trusted container images with malicious versions under the same tag, enabling code injection, supply chain attacks, or unauthorized access, which can compromise application integrity and security.

ECR repository has image scans disabled.

Property
Language: terraform
Severity: high
Service: ecr
Provider: AWS
Vulnerability Type: omission

Description

ECR repositories are configured without image scanning enabled, preventing automated detection of vulnerabilities in container images during the push process. This allows potentially insecure images to be stored and deployed without security review.

Impact

Without image scanning, vulnerabilities in container images may go unnoticed, increasing the risk of deploying software with known security flaws. Attackers could exploit these weaknesses to gain unauthorized access, compromise applications, or escalate privileges within the environment.

ECR repository policy must block public access

Property
Language: terraform
Severity: high
Service: ecr
Provider: AWS
Vulnerability Type: misconfiguration

Description

The ECR repository policy allows public access, which means anyone on the internet can read from or write to the repository. This configuration exposes sensitive container images and related artifacts to unauthorized users.

Impact

If exploited, attackers could download, modify, or replace container images, potentially leading to data leaks, deployment of malicious code, and compromise of applications that use these images. This can severely impact the security and integrity of the organization’s infrastructure.

ECR Repository should use customer managed keys to allow more control

Property
Language: terraform
Severity: low
Service: ecr
Provider: AWS

Description

The ECR repository relies on AWS-managed encryption keys instead of a customer-managed KMS key, limiting control over encryption settings such as key rotation and access policies. This setup does not provide fine-grained management of encrypted container images.

Impact

Without customer-managed keys, security teams cannot enforce custom key rotation schedules or strict access controls. If the AWS-managed key is compromised or misused, there is limited ability to respond, increasing the risk of unauthorized access to sensitive container images.

ECS clusters should have container insights enabled

Property
Language: terraform
Severity: low
Service: ecs
Provider: AWS

Description

ECS clusters are configured without CloudWatch Container Insights enabled, resulting in insufficient monitoring of container-level metrics and logs. This limits visibility into the performance and health of containerized applications.

Impact

Without Container Insights, critical operational data may be missed, hindering the ability to detect, diagnose, and respond to performance issues or security incidents. This can lead to prolonged outages, undetected anomalies, and increased risk of compliance violations.