Invicti Product Release Notes
09 Jul 2024
v24.7.0 - 9 July 2024
New Security Checks
- Added a new security check to identify supply chain attacks through Polyfill JS
- Added a detection for GeoServer SQLi vulnerability (CVE-2023-25157)
- Added checks for various WordPress plugins
Improvements
- Improved the Credit Card Disclosure security check
- Added custom headers for communication between Agents and Invicti Hawk
- Set the severity of 'Possible XSS' vulnerabilities to 'Informational'
- Improved various Sensitive Data Exposure security checks
- Improved the detection of the Short SSL Key Length vulnerability
- Added the capability to check for Sensitive Data in XML responses
Fixes
- Fixed missing Request Body content in vulnerability details
- Fixed an issue with the 'IgnoreCertificateErrors' Agent setting for SSL Validation
- Fixed a problem in the JWT Engine to resolve a false positive issue
- Fixed an issue related to the OTA app scan
- Fixed HTTP 413 responses resulting from nonce cookies stacking