Practice free →
HomeBCA Cyber SecuritycybersecurityWeb Security — OWASP › Which OWASP category covers using libraries with…

Which OWASP category covers using libraries with KNOWN CVEs?

AA01: Broken Access Control
BA03: Injection
CA06: Vulnerable and Outdated Components
DA10: SSRF
Answer & Solution
Correct answer: C. A06: Vulnerable and Outdated Components
1. A06: VULNERABLE AND OUTDATED COMPONENTS (2021, was 'Using Components with Known Vulnerabilities' in 2017). 2. Modern apps inherit hundreds of third-party libraries — any one with a known CVE can compromise the whole app. 3. Notable cases: • Equifax 2017 breach: unpatched Apache Struts (CVE-2017-5638) — exposed 147M records. • Log4Shell 2021: Log4j RCE (CVE-2021-44228) — internet-wide emergency patching event. 4. MITIGATIONS: software composition analysis (SCA) tools (Dependabot, Snyk), regular dep updates, dependency pinning + auto-merge of security patches. 5. SBOM (Software Bill of Materials): inventory of every component for visibility. _Source: OWASP Top 10 2021 — A06: Vulnerable and Outdated Components._
Solve this in the app — BCA Cyber Security practice & 24k+ MCQs →
Related questions