List of software quality issues with the number of affected components.
category ALL
Policies
Info
Category
Problem
Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. Query parameters are a defined set of parameters (key-value pairs) attached to the end of a URL. Query parameters are used to provide additional information to a web service when making a request. They are an optional, but an important part of the URL, as they may define specific content or actions based on the data being passed. Some data they pass might be considered sensitive information. Since query parameters are not encrypted, this might cause sensitive information to leak. This issue is raised for query parameters that might contain information that attackers can easily intercept. Examples of sensitive information fields include hostname, password, email, IMEI and other similar parameters.
Prevalence in PyPI community
2 packages
found in
Top 100
12 packages
found in
Top 1k
72 packages
found in
Top 10k
2.13k packages
in community
Next steps
Investigate reported detections.
If the software should not include these network references, investigate your build and release environment for software supply chain compromise.
You should delay the software release until the investigation is completed, or until the issue is risk accepted.
Consider changing the query parameters for flagged network locations.