Leakage of sensitive data in exception message

Overview

Rule ID: javascript_lang_exception
Applicable Languages: Javascript
Weakness ID: CWE-210

Description

Leakage of sensitive data in exception messages can lead to data breaches. This vulnerability arises when sensitive information, such as system details or user data, is included in exception messages. Such exposure can provide unauthorized users with valuable insights into the application's internal workings or access to confidential information, increasing the risk of a security breach.

Remediation Guidelines

Do not include sensitive data in exception messages. This can inadvertently expose personal or confidential information.
```
throw new CustomError(`Error with ${user.email}`) // unsafe
```
Do use non-sensitive, unique identifiers in exception messages to maintain user privacy and data security.
```
throw new CustomError(`Error with ${user.uuid}`)
```

References

CWE-210: Self-generated Error Message Containing Sensitive Information

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousLeakage of sensitive data in dynamic file generation NextLeakage of sensitive data in JWT

Last updated 1 month ago