@karakeep/sdk@0.31.0

TypeScript SDK for Karakeep

  • latest version

    0.32.0

  • latest non-vulnerable version

  • first published

    1 year ago

  • latest version published

    1 month ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @karakeep/sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Server-side Request Forgery (SSRF)

    @karakeep/sdk is a TypeScript SDK for Karakeep

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the metascraper-logo-favicon process. An attacker can cause the server to make unauthorized HTTP requests to internal or sensitive network resources by submitting crafted HTML containing malicious <link rel="icon"> tags. This can result in exposure of cloud metadata, internal service discovery, or leakage of sensitive data through redirects.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade @karakeep/sdk to version 0.32.0 or higher.

    Vulnerable versions: <0.32.0
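
The check the SSRF description above implies, as an added example (not Karakeep, metascraper or Snyk code): list the `<link rel="icon">` targets in untrusted HTML and flag those that are non-HTTP or internal address literals before anything fetches them. `SAMPLE_HTML`, the `example.com` page URL and all function names are constructed for illustration.

```javascript
// Constructed sample: HTML as a crawler might receive it from an untrusted page.
const SAMPLE_HTML = `<html><head>
  <link rel="icon" href="http://169.254.169.254/latest/meta-data/">
  <link rel="shortcut icon" href="/favicon.ico">
  <link href="http://[::1]:8080/admin.png" rel="icon">
  <link rel="stylesheet" href="http://10.0.0.5/style.css">
  <link rel="icon" href="file:///etc/passwd">
</head></html>`;

// Resolved href of every <link> whose rel token list contains "icon".
function iconHrefs(html, pageUrl) {
  const out = [];
  for (const tag of html.match(/<link\b[^>]*>/gi) || []) {
    const attr = (name) => {
      const re = new RegExp(`\\b${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
      const m = tag.match(re);
      return m ? (m[1] ?? m[2] ?? m[3]) : null;
    };
    const href = attr("href");
    const rel = (attr("rel") || "").toLowerCase().split(/\s+/);
    if (!href || !rel.includes("icon")) continue;
    try { out.push(new URL(href, pageUrl).href); } catch { out.push(href); }
  }
  return out;
}

// Reason a URL must not be fetched server-side, or null if no literal check fails.
// The WHATWG URL parser canonicalizes forms such as 2130706433 or 0x7f.1 first.
function blockReason(urlString) {
  let u;
  try { u = new URL(urlString); } catch { return "unparseable URL"; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return "non-HTTP scheme";
  const host = u.hostname;
  if (host === "localhost" || host.endsWith(".localhost")) return "loopback name";
  if (host.startsWith("[")) {
    const v6 = host.slice(1, -1);
    return /^(::1?$|::ffff:|f[cd][0-9a-f]{2}:|fe[89ab][0-9a-f]:)/.test(v6) ? "internal IPv6 literal" : null;
  }
  const m = host.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (!m) return null; // a hostname: re-check the resolved IP at connect time and on every redirect
  const [a, b] = [Number(m[1]), Number(m[2])];
  const internal = a === 0 || a === 10 || a === 127 || (a === 169 && b === 254) ||
    (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
  return internal ? "internal IPv4 literal" : null;
}

const auditIcons = (html, pageUrl) =>
  iconHrefs(html, pageUrl).map((url) => ({ url, blocked: blockReason(url) }));
```

A `null` result only means the URL passed the literal checks; a hostname can still resolve or redirect to an internal address, so the same test has to be applied to the connected IP for each hop.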