candlepin

Direct Vulnerabilities

Known vulnerabilities in the candlepin package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • M
Improperly Controlled Modification of Dynamically-Determined Object Attributes

*
  • M
Improperly Controlled Modification of Dynamically-Determined Object Attributes

*
  • H
Deserialization of Untrusted Data

*
  • M
Deserialization of Untrusted Data

*
  • M
Improperly Controlled Modification of Dynamically-Determined Object Attributes

*
  • H
Numeric Range Comparison Without Minimum Check

*
  • H
Incorrect Default Permissions

*
  • M
Insufficient Granularity of Access Control

*
  • H
Uncontrolled Memory Allocation

*
  • M
Authorization Bypass Through User-Controlled Key

*
  • H
Missing Authentication for Critical Function

*
  • M
Insufficient Granularity of Access Control

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • H
LDAP Injection

*
  • M
Arbitrary Code Injection

*
  • M
Integer Overflow or Wraparound

*
  • M
CRLF Injection

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • H
HTTP Request Smuggling

*
  • M
Missing Authentication for Critical Function

*
  • M
Incorrect Authorization

*
  • M
Improper Input Validation

*
  • M
CRLF Injection

*
  • M
Improper Input Validation

*
  • L
Resource Exhaustion

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • L
Uncontrolled Recursion

*
  • L
Information Exposure

*
  • L
Improper Validation of Syntactic Correctness of Input

*
  • M
Incorrect Behavior Order

*
  • M
XML External Entity (XXE) Injection

*
  • M
Improper Input Validation

*
  • L
XML External Entity (XXE) Injection

*
  • L
Improper Handling of Insufficient Permissions or Privileges

*
  • L
Incorrect Authorization

*
  • M
Improper Access Control

*
  • L
HTTP Request Smuggling

*
  • L
HTTP Request Smuggling

*