org.apache.streampipes:streampipes-rest@0.93.0 vulnerabilities
-
latest version
0.95.1
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
3 months ago
-
licenses detected
- [0.66.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.streampipes:streampipes-rest package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the configuration of custom endpoints for installing additional pipeline elements. An attacker can manipulate the server to make unauthorized network requests by supplying malicious URLs in the configuration settings. How to fix Server-side Request Forgery (SSRF)? Upgrade |
[0.93.0,0.95.0)
|
Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition during the user self-registration process. An attacker can create multiple identical user accounts by repeatedly requesting account creation with the same email address before it is registered, leading to corruption in user management. How to fix Time-of-check Time-of-use (TOCTOU) Race Condition? Upgrade |
[0.93.0,0.95.0)
|
Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type through the upload functionality. An attacker can execute arbitrary code on the server by uploading malicious files. This is only exploitable if the user is authenticated and authorized. How to fix Unrestricted Upload of File with Dangerous Type? Upgrade |
[0.93.0,0.95.0)
|