Hello, I'm not sure if this it the correct repo, so please let me know if it's not and I'll open in the correct one. We're seeing the following vulnerability in AWS Inspector for our Serverless deployed Lambdas...
CWE-319 - Insecure connection using unencrypted protocol
Connections that use insecure protocols transmit data in cleartext. This introduces a risk of exposing sensitive data to third parties.
sls-sdk-node/wrapper.js
The http.Agent() function configures connections to transmit data in clear text. We recommend that you use https.Agent() instead to transfer data in an encrypted form.
Hello, I'm not sure if this it the correct repo, so please let me know if it's not and I'll open in the correct one. We're seeing the following vulnerability in AWS Inspector for our Serverless deployed Lambdas...