Open reecebenson opened 1 month ago
I'm doing a review of my AWS Inspector stack and was stumped when reviewing the following vulnerability:
When trying to determine where this vulnerability was showing from, it seems as though it comes from the following dependency tree:
serverless → @serverless/dashboard-plugin → @aws-sdk/client-cloudformation → @aws-sdk/credential-provider-node → @smithy/credential-provider-imds
This leads me to the only occurrence of a static string that begins with http:// which resulted in the following file:
```ts
/**
 * @internal
 */
export enum Endpoint {
  IPv4 = "http://169.254.169.254",
  IPv6 = "http://[fd00:ec2::254]",
}
```
Is there any way to remediate this as being a constant string so that it isn't picked up by AWS Inspector?
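
An added example, not part of the original post and not code from the Smithy or AWS SDK packages: a Node.js triage script that lists `http://` string literals in source text and labels each by address scope, so the two instance-metadata endpoints quoted above can be told apart from plaintext HTTP to other hosts. The function names, the `needsReview` flag and the sample source are assumptions made for this example.

```javascript
// Added example. SAMPLE_SOURCE is constructed: the first two literals are the
// ones quoted in the issue, the last two are made-up hosts for contrast.
const SAMPLE_SOURCE = `
export enum Endpoint {
  IPv4 = "http://169.254.169.254",
  IPv6 = "http://[fd00:ec2::254]",
}
const ingest = "http://metrics.example.com/v1";
const dev = 'http://127.0.0.1:8080/health';
`;

// The two instance-metadata addresses from the enum quoted in the issue.
const IMDS_HOSTS = new Set(["169.254.169.254", "fd00:ec2::254"]);

// Collect every quoted string literal that starts with http://.
function findHttpLiterals(source) {
  const re = /(["'`])(http:\/\/[^"'`\s]+)\1/g;
  return Array.from(source.matchAll(re), (m) => m[2]);
}

// Classify a URL hostname by address scope.
function classifyHost(hostname) {
  const host = hostname.replace(/^\[|\]$/g, ""); // URL keeps IPv6 brackets
  if (IMDS_HOSTS.has(host)) return "imds";
  const v4 = host.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (v4) {
    if (v4[1] === "169" && v4[2] === "254") return "link-local"; // 169.254.0.0/16
    return v4[1] === "127" ? "loopback" : "other-ip";
  }
  if (host.includes(":")) {
    if (host === "::1") return "loopback";
    const first = parseInt(host.split(":")[0] || "0", 16);
    if ((first & 0xffc0) === 0xfe80) return "link-local"; // fe80::/10
    return (first & 0xfe00) === 0xfc00 ? "unique-local" : "other-ip"; // fc00::/7
  }
  return host === "localhost" ? "loopback" : "named-host";
}

// One row per literal; needsReview marks plaintext HTTP to a host that is not
// a metadata, link-local or loopback address.
function triage(source) {
  return findHttpLiterals(source).map((literal) => {
    const scope = classifyHost(new URL(literal).hostname);
    const needsReview = !["imds", "link-local", "loopback"].includes(scope);
    return { literal, scope, needsReview };
  });
}

console.table(triage(SAMPLE_SOURCE));
```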