Homepage

@keystone-6/core@0.0.0-rc-20250224052246 vulnerabilities

  • latest version

    6.5.1

  • latest non vulnerable version

    6.5.1

  • first published

    3 years ago

  • latest version published

    3 days ago

  • View core package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @keystone-6/core package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Information Exposure

    Affected versions of this package are vulnerable to Information Exposure when applying isFilterable to sensitive data. By adding malicious uniqueness filters to the where clause of an update or delete operation, a user can infer the presence of specific values in records the user does not have permission to read.

    Note: This vulnerability has no impact on fields to which isFilterable: false or defaultIsFilterable: false are applied.

    How to fix Information Exposure?

    Upgrade @keystone-6/core to version 6.5.0 or higher.

    <6.5.0
    • L
    Improper Access Control

    Affected versions of this package are vulnerable to Improper Access Control when ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible (no session required). This is different from the behavior of the default AdminUI middleware, which by default will only be publicly accessible (no session required) if a session strategy is not defined.

    How to fix Improper Access Control?

    Upgrade @keystone-6/core to version 5.5.1 or higher.

    <5.5.1
    Go back to all versions of this package