This category concerns the use of vulnerable and outdated components. It is the only category in the Top 10 that has no CVE (Common Vulnerabilities and Exposures) entries mapped to its included CWEs, so its scores are calculated with a predefined weight of 5.0 for both exploit and impact.
An outdated package is a system or application dependency that is no longer maintained and therefore poses a security risk.
A vulnerability in such a package is inherited by every piece of software that depends on it and becomes a potential entry point for attackers.
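As an added illustration of the dependency check this paragraph implies (example code written for this page, not taken from OWASP or the original author), the script below matches a constructed lock file against a constructed advisory list; every advisory id, package name and version in it is a placeholder.

```python
# Constructed advisory feed using OSV-style ranges: "introduced" is inclusive,
# "fixed" is exclusive, and fixed=None means no patched release exists.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.2"},
    {"id": "ADV-PLACEHOLDER-2", "package": "examplelib", "introduced": "2.0.0", "fixed": "2.1.0"},
    # Unmaintained package with no fix at all: the "outdated component" case.
    {"id": "ADV-PLACEHOLDER-3", "package": "oldparser", "introduced": "0", "fixed": None},
]

# Constructed lock file in "name==version" form.
LOCKFILE = """\
examplelib==1.3.9
oldparser==0.9.1
goodlib==3.2.0
"""

def parse_version(v):
    # '1.10.0' -> (1, 10, 0): tuples compare numerically, whereas a plain string
    # compare would wrongly rank '1.10.0' below '1.4.2'. Pre-release suffixes
    # such as '1.2rc1' are out of scope for this example.
    return tuple(int(p) for p in v.split("."))

def parse_lockfile(text):
    # Return {package: pinned_version}, ignoring blanks, comments and unpinned lines.
    deps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        deps[name.strip().lower()] = version.strip()
    return deps

def affected(version, introduced, fixed):
    # True when introduced <= version < fixed (or version >= introduced with no fix).
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)

def find_vulnerable(lock_text, advisories=ADVISORIES):
    # Return (package, pinned_version, advisory_id, fixed_version) for every hit.
    deps = parse_lockfile(lock_text)
    findings = []
    for adv in advisories:
        version = deps.get(adv["package"].lower())
        if version and affected(version, adv["introduced"], adv["fixed"]):
            findings.append((adv["package"], version, adv["id"], adv["fixed"]))
    return findings
```

Calling `find_vulnerable(LOCKFILE)` flags `examplelib==1.3.9` (fixed in 1.4.2) and `oldparser==0.9.1` (no fixed release), while `goodlib` is clean; a fix-less hit is the signal that the component should be replaced rather than upgraded.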
OWASP Top 10 Application Security Risks - 2021 | Reference
---|---
A06:2021-Vulnerable and outdated components | OWASP
"A software component that is not maintained and updated will soon become insecure and affected by vulnerabilities that attackers can exploit to compromise the system." (Francesco Ongaro)