org.fitnesse:fitnesse@20131109 vulnerabilities

The fully integrated standalone wiki, and acceptance testing framework.

Direct Vulnerabilities

Known vulnerabilities in the org.fitnesse:fitnesse package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Arbitrary Command Execution

org.fitnesse:fitnesse is a web server, a wiki and an automated testing tool for software.

Affected versions of this package are vulnerable to Arbitrary Command Execution. FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.

How to fix Arbitrary Command Execution?

Upgrade org.fitnesse:fitnesse to version 20140201 or higher.