snipe/snipe-it vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the snipe/snipe-it package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Arbitrary File Upload	<8.3.3
H Deserialization of Untrusted Data	<8.1.18
M Cross-site Scripting (XSS)	<8.1.18
M Direct Request ('Forced Browsing')	<8.1.0
M Cross-site Scripting (XSS)	>0.0.0
M CSV Injection	>=0.0.0
H Remote Code Execution (RCE)	<7.0.10
H Missing Authorization	<6.4.2
M Cross-site Request Forgery (CSRF)	<6.2.3
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	<6.2.2
M Cross-site Scripting (XSS)	<6.0.14
M Improper Access Control	<6.0.14
M Access Restriction Bypass	<6.0.11
L Cross-site Scripting (XSS)	<6.0.11
M Session Fixation	<6.0.10
M Arbitrary File Upload	<6.3.2
M Arbitrary File Upload	>=0.0.0
M Information Exposure	>=0.3.0-alpha, <5.3.8
M Access Restriction Bypass	<5.4.4
C Cross-site Scripting (XSS)	<5.4.4
H Cross-site Scripting (XSS)	<5.4.3
H Business Logic Errors	<5.4.2
M Information Exposure	<5.4.0
M Improper Privilege Management	<5.4.0
M Access Restriction Bypass	<5.3.10
M Information Exposure	<5.3.10
M Improper Access Control	<6.0.0-RC-1
M Improper Access Control	<5.3.7
M Cross-site Request Forgery (CSRF)	>=0.0.0, <v5.3.6
M Cross-site Scripting (XSS)	<5.3.5
M Access Restriction Bypass	>=0.0.0, <v5.3.4
L Server-side Request Forgery (SSRF)	<6.0.0-RC-1
M Cross-site Scripting (XSS)	<5.3.3
M Cross-site Scripting (XSS)	<5.3.2
L Cross-site Scripting (XSS)	>=0.0.0, <v5.3.2
M Cross-site Request Forgery (CSRF)	>=0.0.0, <v5.3.2
M Cross-site Request Forgery (CSRF)	<5.3.0
M Cross-site Scripting (XSS)	<5.3.0
M Cross-site Scripting (XSS)	<5.3.0
M Cross-site Scripting (XSS)	<4.6.14

Vulnerability

Vulnerable Version

Arbitrary File Upload

<8.3.3