Deserialization of Untrusted Data
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-502: Deserialization of Untrusted Data |
| OWASP | A08:2017 - Insecure Deserialization |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code establishes a gRPC connection using `createInsecure()`, which means data is sent without encryption. This exposes all transmitted information to anyone with access to the network.
Impact
An attacker could intercept, read, or modify gRPC messages in transit, potentially leading to data leaks, manipulation of requests or responses, and unauthorized access to sensitive operations. This can compromise both user data and the security of your application.
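One way to keep `createInsecure()` out of production channels, shown as an added example that is not part of the original rule text. It assumes the Node.js `@grpc/grpc-js` API (`credentials.createInsecure()` / `credentials.createSsl()`); `credentialsFor`, `hostOf` and `allowPlaintextLoopback` are hypothetical names, and the loopback exception is this example's own policy choice.

```javascript
// Added example. Assumes the Node.js @grpc/grpc-js API, where the flagged call is
//   new grpc.Client(target, grpc.credentials.createInsecure());
// credentialsFor, hostOf and allowPlaintextLoopback are hypothetical names.

const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Accepts "host:port" or "[ipv6]:port"; anything else is rejected rather than guessed at.
function hostOf(target) {
  const m = /^(\[[0-9a-f:]+\]|[^:\/\s]+):(\d{1,5})$/i.exec(target);
  if (!m) throw new Error(`unsupported gRPC target: ${target}`);
  return m[1].toLowerCase();
}

// Returns TLS channel credentials by default. Plaintext is returned only when the
// caller opts in AND the target is a loopback address, so a misconfigured
// production endpoint fails the TLS handshake instead of silently sending cleartext.
function credentialsFor(grpc, target, { rootCerts = null, allowPlaintextLoopback = false } = {}) {
  const host = hostOf(target);
  if (allowPlaintextLoopback && LOOPBACK_HOSTS.has(host)) {
    return grpc.credentials.createInsecure();
  }
  // rootCerts: Buffer with a PEM CA bundle, or null for the default trust roots.
  return grpc.credentials.createSsl(rootCerts);
}

// Usage with the real package (assumed installed):
//   const grpc = require('@grpc/grpc-js');
//   const target = 'api.example.internal:443'; // constructed hostname
//   const client = new grpc.Client(target, credentialsFor(grpc, target));
```

The `grpc` module is passed in as a parameter so the policy can be unit-tested with a stub, without a network or the package installed.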