org.apache.brooklyn:brooklyn-jsgui@0.7.0-incubating vulnerabilities
latest version
0.12.0
latest non vulnerable version
first published
9 years ago
latest version published
7 years ago
licenses detected
- [0.7.0-incubating,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the org.apache.brooklyn:brooklyn-jsgui package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
org.apache.brooklyn:brooklyn-jsgui is a software for managing cloud applications. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server. How to fix Cross-site Request Forgery (CSRF)? Upgrade | [,0.10.0) |
org.apache.brooklyn:brooklyn-jsgui is a software for managing cloud applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Any authenticated user can cause scripts to run in the browser of another user authorized to access the first user’s resources. This is due to improper escaping of server-side content. How to fix Cross-site Scripting (XSS)? Upgrade | [,0.10.0) |