@fedify/fedify@1.3.3 vulnerabilities

An ActivityPub server framework

latest version

1.3.5

latest non vulnerable version

1.4.0-dev.610

first published

10 months ago

latest version published

4 days ago

licenses detected

MIT
>=0.10.0-dev.220

View fedify package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @fedify/fedify package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Infinite loop @fedify/fedify is an An ActivityPub server framework Affected versions of this package are vulnerable to Infinite loop via the Webfinger mechanism which allows a user to perform a `GET` request to any internal resource on any `Host`, `Port`, `URL` combination regardless of present security mechanisms. How to fix Infinite loop? Upgrade `@fedify/fedify` to version 1.0.14, 1.1.11, 1.2.11, 1.3.4 or higher.	<1.0.14>=1.1.0 <1.1.11>=1.2.0 <1.2.11>=1.3.0 <1.3.4

Infinite loop

@fedify/fedify is an An ActivityPub server framework

Affected versions of this package are vulnerable to Infinite loop via the Webfinger mechanism which allows a user to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms.

How to fix Infinite loop?

Upgrade @fedify/fedify to version 1.0.14, 1.1.11, 1.2.11, 1.3.4 or higher.

<1.0.14>=1.1.0 <1.1.11>=1.2.0 <1.2.11>=1.3.0 <1.3.4

Go back to all versions of this package