
Upon running the command below for a Node.js project:

bearer scan .

bearer detects LOW: Security misconfiguration detected. [CWE-693] vulnerability.

After using this and this article as reference, I have tried both of the approaches mentioned below.

Approach 1: disabling the header

app.disable('x-powered-by');

Approach 2: removing the header by middleware

app.use(function (req, res, next) {
  res.removeHeader("X-Powered-By");
  next();
});

Can someone help me figure out whether I am doing something wrong, or whether it is a problem with bearer being unable to detect the fix for CWE-693? The bearer version I am using is v1.16.0.

Currently, I have skipped the rule to get around it by using

skip-rule: ['javascript_express_reduce_fingerprint']

I have raised an issue as well regarding the same.

0 Answers