nemo@3.12.1 vulnerabilities

NEMO is a laboratory logistics web application. Use it to schedule reservations, control tool access, track maintenance issues, and more.

Direct Vulnerabilities

Known vulnerabilities in the nemo package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Request Forgery (CSRF)

NEMO is a NEMO is a laboratory logistics web application. Use it to schedule reservations, control tool access, track maintenance issues, and more.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the 'Delete' button within the buddy_request template, not converting it to a form that submits through POST requests.

How to fix Cross-site Request Forgery (CSRF)?

Upgrade NEMO to version 5.3.0 or higher.

[,5.3.0)