org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.store.feature@6.4.14 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.store.feature package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • M
Open Redirect

org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.store.feature is a feature that contains the core bundles required for the API management back end.

Affected versions of this package are vulnerable to Open Redirect via the API store.

How to fix Open Redirect?

A fix was pushed into the master branch but not yet published.

Vulnerable version: [0,)
  • M
Cross-site Scripting (XSS)

org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.store.feature is a feature that contains the core bundles required for the API management back end.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An attacker can hijack a logged-in user’s session by stealing cookies, and can then change that user’s password and invalidate the victim’s session while maintaining access.

How to fix Cross-site Scripting (XSS)?

Upgrade org.wso2.carbon.apimgt:org.wso2.carbon.apimgt.store.feature to version 6.7.123 or higher.

Vulnerable version: [,6.7.123)