CWE-319 - Insecure connection using unencrypted protocol #889
Description
Hello, I'm not sure if this it the correct repo, so please let me know if it's not and I'll open in the correct one. We're seeing the following vulnerability in AWS Inspector for our Serverless deployed Lambdas...
CWE-319 - Insecure connection using unencrypted protocol
Connections that use insecure protocols transmit data in cleartext. This introduces a risk of exposing sensitive data to third parties.
sls-sdk-node/wrapper.jsThe
http.Agent()function configures connections to transmit data in clear text. We recommend that you usehttps.Agent()instead to transfer data in an encrypted form.