changedetection.io 0.45.21 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the changedetection.io package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Cross-site Scripting (XSS) changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of errors in `filters`. An attacker can execute arbitrary code in the context of a user's browser by injecting malicious input into the affected component. How to fix Cross-site Scripting (XSS)? Upgrade `changedetection.io` to version 0.50.4 or higher.	[,0.50.4)
C Directory Traversal changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Directory Traversal on URLs received as input. An attacker can read local files via the watch preview functionality. URLs are not sufficiently checked for paths that traverse directories with a "dot-dot" pattern, paths beginning with a space. How to fix Directory Traversal? Upgrade `changedetection.io` to version 0.48.5 or higher.	[,0.48.5)
H Directory Traversal changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Directory Traversal due to improper validation for the file `URI` scheme. An attacker can read any file on the system by crafting a URL that bypasses the intended restrictions on local file access. Note: This issue only affects instances with a `webdriver` enabled, and `ALLOW_FILE_URI` false or not defined. How to fix Directory Traversal? Upgrade `changedetection.io` to version 0.47.6 or higher.	[,0.47.6)
M Directory Traversal changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Directory Traversal via the `Watch.py` and `__init__.py` files, an attacker can read arbitrary files on the system by manipulating the file URL to bypass security checks designed to block traditional file access methods. How to fix Directory Traversal? Upgrade `changedetection.io` to version 0.47.5 or higher.	[,0.47.5)
M Cross-site Scripting (XSS) changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of user input in the `notification_urls` parameter. An attacker can inject malicious scripts into the web page, which are executed in the context of the user's browser session when the malicious URL is visited, or malicious POST data is submitted. How to fix Cross-site Scripting (XSS)? Upgrade `changedetection.io` to version 0.45.22 or higher.	[,0.45.22)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

changedetection.io is a Website change detection and monitoring service

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of errors in filters. An attacker can execute arbitrary code in the context of a user's browser by injecting malicious input into the affected component.

How to fix Cross-site Scripting (XSS)?

Upgrade changedetection.io to version 0.50.4 or higher.

[,0.50.4)

Directory Traversal

changedetection.io is a Website change detection and monitoring service

Affected versions of this package are vulnerable to Directory Traversal on URLs received as input. An attacker can read local files via the watch preview functionality. URLs are not sufficiently checked for paths that traverse directories with a "dot-dot" pattern, paths beginning with a space.

How to fix Directory Traversal?

Upgrade changedetection.io to version 0.48.5 or higher.

[,0.48.5)

Directory Traversal

changedetection.io is a Website change detection and monitoring service

Affected versions of this package are vulnerable to Directory Traversal due to improper validation for the file URI scheme. An attacker can read any file on the system by crafting a URL that bypasses the intended restrictions on local file access.

Note: This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined.

How to fix Directory Traversal?

Upgrade changedetection.io to version 0.47.6 or higher.

[,0.47.6)

Directory Traversal

changedetection.io is a Website change detection and monitoring service

Affected versions of this package are vulnerable to Directory Traversal via the Watch.py and __init__.py files, an attacker can read arbitrary files on the system by manipulating the file URL to bypass security checks designed to block traditional file access methods.

How to fix Directory Traversal?

Upgrade changedetection.io to version 0.47.5 or higher.

[,0.47.5)

Cross-site Scripting (XSS)

changedetection.io is a Website change detection and monitoring service

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of user input in the notification_urls parameter. An attacker can inject malicious scripts into the web page, which are executed in the context of the user's browser session when the malicious URL is visited, or malicious POST data is submitted.

How to fix Cross-site Scripting (XSS)?

Upgrade changedetection.io to version 0.45.22 or higher.

[,0.45.22)

changedetection.io@0.45.21 vulnerabilities

Website change detection and monitoring service, detect changes to web pages and send alerts/notifications.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically