🔥 3-day streak
CompTIA CySA+ (CS0-003)73 / 147
Question 73 of 147
A CySA+ analyst runs a software composition analysis (SCA) scan against a Node.js application build. The report flags a critical remote code execution vulnerability in a logging library. Investigation shows the development team never directly imported this library; it was pulled in automatically by a charting package listed in package.json. The charting package itself has no fix that removes the vulnerable dependency. What is the MOST appropriate first action for the analyst to recommend?
Reviewed for accuracy · Report an issueNext question