org.yamcs:yamcs-core@5.7.4 vulnerabilities

  • latest version

    5.10.8

  • first published

    8 years ago

  • latest version published

    25 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.yamcs:yamcs-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Improper Restriction of Rendered UI Layers or Frames

    Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames allowing an attacker to create a website that would encourage the user to perform specific actions. This type of vulnerability can have an exceptionally high impact on control systems, such as this package.

    How to fix Improper Restriction of Rendered UI Layers or Frames?

    There is no fixed version for org.yamcs:yamcs-core.

    [0,)
    • H
    Information Exposure

    Affected versions of this package are vulnerable to Information Exposure via the upload function. An attacker can obtain the session cookie by uploading a crafted HTML file.

    How to fix Information Exposure?

    Upgrade org.yamcs:yamcs-core to version 5.8.8 or higher.

    [,5.8.8)
    • H
    Path Traversal

    Affected versions of this package are vulnerable to Path Traversal in the storage functionality of the API. An attacker can escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

    How to fix Path Traversal?

    Upgrade org.yamcs:yamcs-core to version 5.8.8 or higher.

    [,5.8.8)
    • H
    Path Traversal

    Affected versions of this package are vulnerable to Path Traversal in the storage functionality of the API. An attacker can delete arbitrary files by sending a crafted HTTP DELETE request.

    How to fix Path Traversal?

    Upgrade org.yamcs:yamcs-core to version 5.8.8 or higher.

    [,5.8.8)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when it is possible to upload to the bucket a display that references a malicious JavaScript file.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.yamcs:yamcs-core to version 5.8.7 or higher.

    [,5.8.7)
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Bucket storage mechanism. An attacker can execute arbitrary JavaScript by uploading an HTML file containing the script and then navigating to it. This is only exploitable if the user opens the uploaded file.

    How to fix Cross-site Scripting (XSS)?

    Upgrade org.yamcs:yamcs-core to version 5.8.7 or higher.

    [,5.8.7)