io.github.robothy:local-s3-rest 1.17 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the io.github.robothy:local-s3-rest package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M XML External Entity (XXE) Injection Affected versions of this package are vulnerable to XML External Entity (XXE) Injection when parsing DTD files. External entities referenced in a malicious DTD document are resolved and retrieved. This allows attackers to expose information from internal URLs that are not meant to be accessible. How to fix XML External Entity (XXE) Injection? Upgrade `io.github.robothy:local-s3-rest` to version 1.21 or higher.	[,1.21)
M XML External Entity (XXE) Injection Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket tagging endpoint. External entities referenced in an `AccessControlPolicy` XML document are resolved and retrieved. This allows attackers to perform server-side request forgery (SSRF) attacks or expose information from internal URLs that are not meant to be accessible. How to fix XML External Entity (XXE) Injection? Upgrade `io.github.robothy:local-s3-rest` to version 1.21 or higher.	[,1.21)
M XML External Entity (XXE) Injection Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket tagging endpoint. External entities referenced in a malicious XML document are resolved and retrieved. This allows attackers to expose information from internal URLs that are not meant to be accessible. How to fix XML External Entity (XXE) Injection? Upgrade `io.github.robothy:local-s3-rest` to version 1.21 or higher.	[,1.21)
M XML External Entity (XXE) Injection Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket creation endpoint. In `createServiceFactory`, external entities referenced in the `CreateBucketConfiguration` XML document are resolved and retrieved. This allows attackers to perform server-side request forgery (SSRF) attacks or expose information from internal URLs that are not meant to be accessible. How to fix XML External Entity (XXE) Injection? Upgrade `io.github.robothy:local-s3-rest` to version 1.21 or higher.	[,1.21)

Vulnerability

Vulnerable Version

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection when parsing DTD files. External entities referenced in a malicious DTD document are resolved and retrieved. This allows attackers to expose information from internal URLs that are not meant to be accessible.

How to fix XML External Entity (XXE) Injection?

Upgrade io.github.robothy:local-s3-rest to version 1.21 or higher.

[,1.21)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket tagging endpoint. External entities referenced in an AccessControlPolicy XML document are resolved and retrieved. This allows attackers to perform server-side request forgery (SSRF) attacks or expose information from internal URLs that are not meant to be accessible.

How to fix XML External Entity (XXE) Injection?

Upgrade io.github.robothy:local-s3-rest to version 1.21 or higher.

[,1.21)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket tagging endpoint. External entities referenced in a malicious XML document are resolved and retrieved. This allows attackers to expose information from internal URLs that are not meant to be accessible.

How to fix XML External Entity (XXE) Injection?

Upgrade io.github.robothy:local-s3-rest to version 1.21 or higher.

[,1.21)

XML External Entity (XXE) Injection

Affected versions of this package are vulnerable to XML External Entity (XXE) Injection over the bucket creation endpoint. In createServiceFactory, external entities referenced in the CreateBucketConfiguration XML document are resolved and retrieved. This allows attackers to perform server-side request forgery (SSRF) attacks or expose information from internal URLs that are not meant to be accessible.

How to fix XML External Entity (XXE) Injection?

Upgrade io.github.robothy:local-s3-rest to version 1.21 or higher.

[,1.21)

io.github.robothy:local-s3-rest@1.17 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?