@haxtheweb/open-apis@9.0.9 vulnerabilities

Shared API infrastructure for HAXTheWeb advanced capabilities like importing, parsing, analysis, migration

  • latest version

    11.0.3

  • latest non vulnerable version

  • first published

    8 months ago

  • latest version published

    1 month ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @haxtheweb/open-apis package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Uninitialized Memory Exposure

    @haxtheweb/open-apis is shared API infrastructure for HAXTheWeb advanced capabilities such as importing, parsing, analysis, and migration.

    Affected versions of this package are vulnerable to Uninitialized Memory Exposure through the haxPsuUsage API endpoint. An attacker can retrieve a full list of PSU websites hosted on HAX CMS by sending a GET request to the exposed endpoint without needing authentication.

    How to fix Uninitialized Memory Exposure?

    Upgrade @haxtheweb/open-apis to version 11.0.2 or higher.

    Vulnerable versions: <11.0.2