Cleartext Transmission of Sensitive Information
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The code uses `urllib.request.urlretrieve()` to download files over an unencrypted HTTP connection. The transferred data is exposed to anyone on the network path, and the connection offers no protection against eavesdropping or tampering.
Impact
Attackers could intercept or modify files downloaded by your application, potentially injecting malicious code or stealing sensitive information. Users and systems relying on the downloaded content may be put at risk, and organizational data integrity can be compromised.