snipe/snipe-it vulnerabilities

licenses detected
- MIT
  >=v3.0-alpha, <v3.0
- AGPL-3.0
  >=v0.1.0, <v3.0-alpha; >=v3.0

Direct Vulnerabilities

Known vulnerabilities in the snipe/snipe-it package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	>0.0.0
M CSV Injection	>=0.0.0
H Remote Code Execution (RCE)	<7.0.10
H Missing Authorization	<6.4.2
M Cross-site Request Forgery (CSRF)	<6.2.3
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	<6.2.2
M Cross-site Scripting (XSS)	<6.0.14
M Improper Access Control	<6.0.14
M Access Restriction Bypass	<6.0.11
L Cross-site Scripting (XSS)	<6.0.11
M Session Fixation	<6.0.10
M Arbitrary File Upload	<6.3.2
M Arbitrary File Upload	>=0.0.0
M Information Exposure	>=0.3.0-alpha, <5.3.8
M Access Restriction Bypass	<5.4.4
C Cross-site Scripting (XSS)	<5.4.4
H Cross-site Scripting (XSS)	<5.4.3
H Business Logic Errors	<5.4.2
M Information Exposure	<5.4.0
M Improper Privilege Management	<5.4.0
M Access Restriction Bypass	<5.3.10
M Information Exposure	<5.3.10
M Improper Access Control	<6.0.0-RC-1
M Improper Access Control	<5.3.7
M Cross-site Request Forgery (CSRF)	>=0.0.0, <v5.3.6
M Cross-site Scripting (XSS)	<5.3.5
M Access Restriction Bypass	>=0.0.0, <v5.3.4
L Server-side Request Forgery (SSRF)	<6.0.0-RC-1
M Cross-site Scripting (XSS)	<5.3.3
M Cross-site Scripting (XSS)	<5.3.2
L Cross-site Scripting (XSS)	>=0.0.0, <v5.3.2
M Cross-site Request Forgery (CSRF)	>=0.0.0, <v5.3.2
M Cross-site Request Forgery (CSRF)	<5.3.0
M Cross-site Scripting (XSS)	<5.3.0
M Cross-site Scripting (XSS)	<5.3.0
M Cross-site Scripting (XSS)	<4.6.14