YUDDHA Autonomous Defender Exposes Critical SQL Injection in /rest/user/login Endpoint
The YUDDHA platform's autonomous security agent, KAVACH, has autonomously identified and patched a critical SQL injection vulnerability in a live application. The flaw, classified as OWASP A03:2021 (Injection), was found in the `/rest/user/login` endpoint of a target service running on `juiceshop:3000`. The vulnerability was verified using the Mistral model and sandbox testing, which confirmed both its severity and the successful application of a patch to the `server.ts` source file.
The vulnerability permitted classic SQL injection; the proof-of-concept payload was `' OR 1=1 --`. The autonomous system traced the flaw directly to the source code in the project repository, pinpointing the vulnerable route definitions in the `server.ts` file. This finding shows a direct path to authentication bypass, a critical risk for any system that handles user credentials.
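The following is an added illustration, not code from the YUDDHA/KAVACH platform or from the patched `server.ts`, of the defect class described above and the shape of the fix. It uses Python with the standard-library `sqlite3` module rather than the target's TypeScript stack, so it runs offline: an in-memory `users` table with constructed sample accounts, a `login_vulnerable` function that splices the e-mail into the SQL text (the 'before' pattern), and a `login_patched` function that uses bound parameters. The table layout, column names and sample credentials are assumptions for the demo.

```python
import hashlib
import sqlite3

# Constructed sample accounts for the in-memory database (not real data).
SAMPLE_USERS = [
    ("admin@example.test", "correct horse battery staple"),
    ("alice@example.test", "alice-password"),
]


def hash_password(password: str) -> str:
    # Demo-only hash so the stored value is not plaintext; a production login
    # would use a salted, slow KDF such as bcrypt or Argon2 instead.
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    # Hypothetical schema: id, email, password hash.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (email, password) VALUES (?, ?)",
        [(email, hash_password(pw)) for email, pw in SAMPLE_USERS],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str):
    # 'Before': user input becomes part of the SQL text, so a quote closes the
    # string literal and `--` comments out the password check that follows.
    query = (
        f"SELECT id, email FROM users WHERE email = '{email}' "
        f"AND password = '{hash_password(password)}'"
    )
    row = conn.execute(query).fetchone()
    return row[1] if row else None


def login_patched(conn: sqlite3.Connection, email: str, password: str):
    # 'After': the SQL text is fixed and the values travel separately as bound
    # parameters, so the input is only ever compared as data, never parsed.
    query = "SELECT id, email FROM users WHERE email = ? AND password = ?"
    row = conn.execute(query, (email, hash_password(password))).fetchone()
    return row[1] if row else None


def demo() -> dict:
    # Runs the same legitimate login and the page's PoC payload through both
    # versions and returns which account (if any) each call authenticated as.
    conn = build_db()
    payload = "' OR 1=1 --"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice@example.test", "alice-password"),
        "bypass_vulnerable": login_vulnerable(conn, payload, "anything"),
        "legit_patched": login_patched(conn, "alice@example.test", "alice-password"),
        "bypass_patched": login_patched(conn, payload, "anything"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running `demo()` shows the failure mode concretely: the vulnerable version returns the first row in the table (the admin account) for the payload because the `WHERE` clause collapses to `email = '' OR 1=1` with the password condition commented out, while the patched version returns no account for the same input. A code-level review or detector for this class of flaw looks for exactly this pattern: request fields interpolated into a query string instead of passed as parameters.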
The autonomous patching process, flagged as 'VERIFIED', demonstrates the operational shift towards AI-driven, continuous security remediation. This incident underscores the persistent threat of injection attacks even in modern web applications and validates the role of autonomous systems in identifying and fixing such flaws at the source code level before exploitation.