grumpydictator/firefly-iii vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the grumpydictator/firefly-iii package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Reliance on a Single Factor in a Security Decision	<6.1.17
M Arbitrary Code Execution	<6.1.7
C Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	<6.1.1
M Insufficient Session Expiration	<6.0.0
M Improper Input Validation	<6.0.6
M Missing Authorization	<6.0.0-alpha.1
M Cross-site Request Forgery (CSRF)	<5.6.5
M Cross-site Request Forgery (CSRF)	<5.6.5
M Cross-site Request Forgery (CSRF)	<5.6.3
M Cross-site Request Forgery (CSRF)	>=0.0.0, <5.6.3
L Cross-site Request Forgery (CSRF)	>=0.0.0, <5.6.3
M Open Redirect	<5.6.2
M Arbitrary File Upload	<5.6.2
M Cross-site Request Forgery (CSRF)	<5.6.1
M Cross-site Request Forgery (CSRF)	>=0.0.0, <5.6.0
M Cross-site Request Forgery (CSRF)	>=0.0.0, <5.6.0
M Cross-site Request Forgery (CSRF)	>=0.0.0, <5.6.0
H Brute Force	<5.5.13
M Cross-site Scripting (XSS)	<4.7.17.6
M Cross-site Scripting (XSS)	<4.7.17.5
M Cross-site Scripting (XSS)	<4.7.17.4
M Cross-site Scripting (XSS)	<4.7.17.4
M Cross-site Scripting (XSS)	<4.7.17.4
M Information Exposure	<4.7.17.4
M Cross-site Scripting (XSS)	<4.7.17.3
M Cross-site Scripting (XSS)	<4.7.17.3
M Cross-site Scripting (XSS)	<4.7.17.2
M Cross-site Scripting (XSS)	<4.7.17.3