opensearch-dashboards-fips-2

Direct Vulnerabilities

Known vulnerabilities in the opensearch-dashboards-fips-2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
Inappropriate Comment Style

<2.19.6-r0
  • C
Unintended Proxy or Intermediary ('Confused Deputy')

<2.19.6-r0
  • M
HTTP Response Splitting

<2.19.6-r0
  • M
Improper Authentication

<2.19.6-r0
  • L
GHSA-r4q5-vmmm-2653

<2.19.6-r0
  • H
Directory Traversal

<2.19.6-r0
  • L
GHSA-x4vx-rjvf-j5p4

<2.19.6-r0
  • L
Interpretation Conflict

<2.19.6-r0
  • L
Improper Encoding or Escaping of Output

<2.19.6-r0
  • L
Insufficient Verification of Data Authenticity

<2.19.6-r0
  • M
CVE-2026-2950

<2.19.6-r0
  • L
CVE-2026-49459

<2.19.6-r0
  • L
GHSA-vxr8-fq34-vvx9

<2.19.6-r0
  • L
GHSA-cmwh-pvxp-8882

<2.19.6-r0
  • L
Directory Traversal

<2.19.6-r0
  • L
Allocation of Resources Without Limits or Throttling

<2.19.6-r0
  • L
CRLF Injection

<2.19.6-r0
  • L
GHSA-cj63-jhhr-wcxv

<2.19.6-r0
  • L
GHSA-gvmj-g25r-r7wr

<2.19.6-r0
  • L
Cross-site Scripting (XSS)

<2.19.6-r0
  • L
Resource Exhaustion

<2.19.6-r0
  • L
Incorrect Regular Expression

<2.19.6-r0
  • M
Cross-site Scripting (XSS)

<2.19.6-r0
  • H
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.19.6-r0
  • L
Cross-site Scripting (XSS)

<2.19.6-r0
  • M
HTTP Response Splitting

<2.19.6-r0
  • L
GHSA-v8w9-8mx6-g223

<2.19.6-r0
  • L
CVE-2026-49978

<2.19.6-r0
  • L
Improper Encoding or Escaping of Output

<2.19.6-r0
  • L
GHSA-39q2-94rc-95cp

<2.19.6-r0
  • L
Inefficient Regular Expression Complexity

<2.19.6-r0
  • L
GHSA-h8r8-wccr-v5f2

<2.19.6-r0
  • L
CVE-2026-4923

<2.19.6-r0
  • L
Permissive Whitelist

<2.19.6-r0
  • L
GHSA-7rx3-28cr-v5wh

<2.19.6-r0
  • L
GHSA-cjmm-f4jc-qw8r

<2.19.6-r0
  • H
Resource Exhaustion

<2.19.6-r0
  • M
Cross-site Scripting (XSS)

<2.19.6-r0
  • L
HTTP Request Smuggling

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • L
Improper Validation of Specified Quantity in Input

<2.19.6-r0
  • L
CVE-2026-49458

<2.19.6-r0
  • M
Cross-site Scripting (XSS)

<2.19.6-r0
  • M
Cross-site Scripting (XSS)

<2.19.6-r0
  • L
Information Exposure Through Caching

<2.19.6-r0
  • L
CVE-2026-56761

<2.19.6-r0
  • H
Server-Side Request Forgery (SSRF)

<2.19.6-r0
  • L
Directory Traversal

<2.19.6-r0
  • L
Resource Exhaustion

<2.19.6-r0
  • H
Uncontrolled Recursion

<2.19.6-r0
  • L
GHSA-26pp-8wgv-hjvm

<2.19.6-r0
  • M
Incorrect Behavior Order: Validate Before Canonicalize

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • L
CVE-2026-2739

<2.19.6-r0
  • L
Use of Less Trusted Source

<2.19.6-r0
  • L
GHSA-76mc-f452-cxcm

<2.19.6-r0
  • L
Improper Input Validation

<2.19.6-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.19.6-r0
  • L
Allocation of Resources Without Limits or Throttling

<2.19.6-r0
  • M
Directory Traversal

<2.19.6-r0
  • M
Arbitrary Code Injection

<2.19.6-r0
  • M
Improper Authorization

<2.19.6-r0
  • L
GHSA-442j-39wm-28r2

<2.19.6-r0
  • C
Improperly Controlled Modification of Dynamically-Determined Object Attributes

<2.19.6-r0
  • C
Permissive Whitelist

<2.19.6-r0
  • L
Loop with Unreachable Exit Condition ('Infinite Loop')

<2.19.6-r0
  • L
Improper Check for Unusual or Exceptional Conditions

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • L
Improper Input Validation

<2.19.6-r0
  • L
Allocation of Resources Without Limits or Throttling

<2.19.6-r0
  • H
Cross-site Scripting (XSS)

<2.19.6-r0
  • L
Overly Permissive Cross-domain Whitelist

<2.19.6-r0
  • H
Inefficient Regular Expression Complexity

<2.19.6-r0
  • C
Improper Certificate Validation

<2.19.6-r0
  • L
Inefficient Regular Expression Complexity

<2.19.6-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.19.6-r0
  • L
CVE-2026-4926

<2.19.6-r0
  • L
HTTP Response Splitting

<2.19.6-r0
  • C
Improper Handling of URL Encoding (Hex Encoding)

<2.19.6-r0
  • L
CVE-2026-12143

*
  • C
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<2.19.6-r0
  • L
Information Exposure

<2.19.6-r0
  • L
Incorrect Authorization

<2.19.6-r0
  • L
Improper Verification of Cryptographic Signature

<2.19.6-r0
  • C
CVE-2026-4800

<2.19.6-r0
  • L
Algorithmic Complexity

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • L
CVE-2026-44974

<2.19.6-r0
  • L
CVE-2026-6322

*
  • H
Inefficient Regular Expression Complexity

<2.19.6-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

*
  • L
Inefficient Regular Expression Complexity

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0
  • H
Information Exposure

<2.19.6-r0
  • L
Improper Check for Unusual or Exceptional Conditions

<2.19.6-r0
  • L
Server-Side Request Forgery (SSRF)

<2.19.6-r0
  • L
CVE-2026-6321

*
  • L
Allocation of Resources Without Limits or Throttling

<2.19.6-r0
  • M
Directory Traversal

<2.19.6-r0
  • L
Resource Exhaustion

<2.19.6-r0
  • L
GHSA-5c6j-r48x-rmvq

<2.19.6-r0
  • L
Unintended Proxy or Intermediary ('Confused Deputy')

<2.19.6-r0
  • L
Arbitrary Code Injection

<2.19.6-r0