Kotlin Mobile

Note: The legacy Mend SAST Application was deprecated on April 1st, 2025. For assistance with migrating to the Mend AppSec Platform, please contact your customer success manager or the success team at success@mend.io.

This article covers Kotlin Mobile support and vulnerability detection for Mend SAST.

Mend SAST-supported Kotlin Mobile file types

| File Type |
| --- |
| .kt |
| .ktm |
| .kts |

Mend SAST-supported Kotlin Mobile vulnerability types

The Kotlin Mobile vulnerability types detected by Mend SAST are listed below, grouped by severity and ordered by CWE ID within each group.

Kotlin Mobile high-severity vulnerability types

| CWE | Vulnerability Type |
| --- | --- |
| CWE-22 | Path/Directory Traversal |
| CWE-73 | File Manipulation |
| CWE-78 | Command Injection |
| CWE-79 | Cross-Site Scripting |
| CWE-89 | SQL Injection |
| CWE-89 | External SQL Injection |
| CWE-94 | Code Injection |
| CWE-94 | Server Pages Execution |
| CWE-94 | Arbitrary Code Injection |
| CWE-502 | Deserialization of Untrusted Data |
| CWE-643 | XPath Injection |
| CWE-918 | Server-Side Request Forgery |

Kotlin Mobile medium-severity vulnerability types

| CWE | Vulnerability Type |
| --- | --- |
| CWE-90 | LDAP Injection |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor (Location) |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor (Data Storage) |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor (Shared Preferences) |
| CWE-209 | Log Messages Information Leak |
| CWE-209 | Error Messages Information Exposure |
| CWE-209 | Console Output |
| CWE-244 | Heap Inspection |
| CWE-295 | Man in the Middle Attack |
| CWE-338 | Weak Pseudo-Random |
| CWE-400 | Sleep Denial of Service |
| CWE-400 | Regex Denial of Service (ReDoS) |
| CWE-472 | Hidden HTML Input |
| CWE-501 | Trust Boundary Violation |
| CWE-611 | XML External Entity (XXE) Injection |
| CWE-676 | Miscellaneous Dangerous Functions |
| CWE-676 | External URL |
| CWE-676 | Mobile Miscellaneous |
| CWE-749 | WebView Exposure |
| CWE-798 | Hardcoded Password/Credentials |
| CWE-926 | Improper Export of Android Application Components (Intents) |

Kotlin Mobile low-severity vulnerability types

| CWE | Vulnerability Type |
| --- | --- |
| CWE-16 | Security Misconfiguration |
| CWE-20 | Session Poisoning |
| CWE-20 | System Properties Change |
| CWE-20 | Mail Relay |
| CWE-20 | Cookie Injection |
| CWE-113 | HTTP Header Injection |
| CWE-113 | HTTP Response Splitting |
| CWE-117 | Log Forging |
| CWE-326 | Weak Encryption Strength |
| CWE-434 | File Upload |
| CWE-497 | System Properties Disclosure |
| CWE-530 | Dangerous File Extensions |
| CWE-601 | Unvalidated/Open Redirect |
| CWE-916 | Weak Hash Strength |
| CWE-941 | Arbitrary Server Connection |
| CWE-1004 | Cookie Without 'HttpOnly' Flag |