Invicti Product Release Notes
16 Mar 2023
v23.3.0
Version information: 23.3.0.39944
New security checks
- Added package.json Configuration File attack pattern.
- Added new File Upload Injection pattern.
- Added SSRF (Equinix) vulnerability.
- Added Swagger user interface Out-of-Date vulnerability.
- Added a file upload injection pattern.
- Added StackPath CDN Identified vulnerability.
- Added Insecure Usage of Version 1 GUID vulnerability.
- Added JBoss Web Console JMX Invoker check.
- Added Windows Server check.
- Added Windows CE check.
- Added Cloudflare Identified, Cloudflare Bot Management, Cloudflare Browser Insights, and cdnjs checks.
- Added Varnish Version Disclosure vulnerability check.
- Added Stack Trace Disclosure (Apache Shiro) vulnerability check.
- Added Java Servlet Ouf-of-Date vulnerability check.
- Added AEM Detected vulnerability check.
- Added CDN Detected(JsDelivr) vulnerability check.
Improvements
- Improved the scan compression algorithm to lower the size of the scan data.
- Improved WS_FTP Log vulnerability test pattern.
- Improved X-XSS-Protection Header Issue vulnerability template.
- Improved MySQL Database Error Message attack pattern.
- Improved XML External Entity Injection vulnerability test pattern.
- Improved Forced Browsing List.
- Added CWE classification for Insecure HTTP Usage.
- Added GraphQL Attack Usage to existing test patterns by default.
Fixes
- Fixed an issue that may cause out-of-memory when cloning callbacks of the browser.
- Fixed the update issue in the Proof node in the Knowledge Base panel.