@saltcorn/data 1.4.2

Direct Vulnerabilities

Known vulnerabilities in the @saltcorn/data package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Incorrect Authorization @saltcorn/data is a Data models for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Incorrect Authorization through the role context evaluation process. An attacker can gain unauthorized administrative privileges on the root domain by manipulating the tenant context and accessing privileged routes. How to fix Incorrect Authorization? Upgrade `@saltcorn/data` to version 1.4.4, 1.5.2, 1.6.0-beta.1 or higher.	<1.4.4>=1.5.0-beta.0 <1.5.2>=1.6.0-alpha.0 <1.6.0-beta.1
H SQL Injection @saltcorn/data is a Data models for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to SQL Injection via the `getSyncRows` and `getDelRows` functions. An attacker can execute arbitrary SQL commands, exfiltrate sensitive data, modify or delete database contents, and escalate privileges by submitting crafted input to the affected endpoints. How to fix SQL Injection? Upgrade `@saltcorn/data` to version 1.4.6, 1.5.6, 1.6.0-beta.5 or higher.	<1.4.6>=1.5.0-beta.0 <1.5.6>=1.6.0-alpha.0 <1.6.0-beta.5
H SQL Injection @saltcorn/data is a Data models for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to SQL Injection via the `Literal` function. An attacker can execute arbitrary SQL commands, manipulate database schema, or exfiltrate data by injecting crafted input into formula-type table constraints, which are converted to SQL without proper escaping. How to fix SQL Injection? Upgrade `@saltcorn/data` to version 1.4.4, 1.5.2, 1.6.0-beta.1 or higher.	<1.4.4>=1.5.0-beta.0 <1.5.2>=1.6.0-alpha.0 <1.6.0-beta.1

Vulnerability

Vulnerable Version

Incorrect Authorization

@saltcorn/data is a Data models for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to Incorrect Authorization through the role context evaluation process. An attacker can gain unauthorized administrative privileges on the root domain by manipulating the tenant context and accessing privileged routes.

How to fix Incorrect Authorization?

Upgrade @saltcorn/data to version 1.4.4, 1.5.2, 1.6.0-beta.1 or higher.

<1.4.4>=1.5.0-beta.0 <1.5.2>=1.6.0-alpha.0 <1.6.0-beta.1

SQL Injection

@saltcorn/data is a Data models for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to SQL Injection via the getSyncRows and getDelRows functions. An attacker can execute arbitrary SQL commands, exfiltrate sensitive data, modify or delete database contents, and escalate privileges by submitting crafted input to the affected endpoints.

How to fix SQL Injection?

Upgrade @saltcorn/data to version 1.4.6, 1.5.6, 1.6.0-beta.5 or higher.

<1.4.6>=1.5.0-beta.0 <1.5.6>=1.6.0-alpha.0 <1.6.0-beta.5

SQL Injection

@saltcorn/data is a Data models for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to SQL Injection via the Literal function. An attacker can execute arbitrary SQL commands, manipulate database schema, or exfiltrate data by injecting crafted input into formula-type table constraints, which are converted to SQL without proper escaping.

How to fix SQL Injection?

Upgrade @saltcorn/data to version 1.4.4, 1.5.2, 1.6.0-beta.1 or higher.

<1.4.4>=1.5.0-beta.0 <1.5.2>=1.6.0-alpha.0 <1.6.0-beta.1

@saltcorn/data@1.4.2

Data models for Saltcorn, open-source no-code platform

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically