@saltcorn/server@0.9.4-beta.0 vulnerabilities

Server app for Saltcorn, open-source no-code platform

Direct Vulnerabilities

Known vulnerabilities in the @saltcorn/server package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Directory Traversal

@saltcorn/server is a Server app for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to Directory Traversal via the sync/clean_sync_dir endpoint due to improper sanitization of dir_name POST parameter. An attacker can delete arbitrary files on the server by sending a crafted request with manipulated directory paths.

How to fix Directory Traversal?

Upgrade @saltcorn/server to version 1.0.0-beta.16 or higher.

<1.0.0-beta.16
  • M
Cross-site Scripting (XSS)

@saltcorn/server is a Server app for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the event log handling mechanism. An attacker can manipulate the output of the event logs and execute arbitrary scripts in the context of the user's browser by injecting malicious payloads into the event data that is not properly sanitized before being displayed.

How to fix Cross-site Scripting (XSS)?

Upgrade @saltcorn/server to version 1.0.0-beta.16 or higher.

<1.0.0-beta.16
  • M
Directory Traversal

@saltcorn/server is a Server app for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to Directory Traversal due to missing sanitization of the filename parameter used to identify the zip file when passed to the res.download API. This allows an attacker with admin permission to read and download arbitrary zip files when downloading auto backups.

How to fix Directory Traversal?

Upgrade @saltcorn/server to version 1.0.0-beta.14 or higher.

<1.0.0-beta.14
  • H
Prototype Pollution

@saltcorn/server is a Server app for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to Prototype Pollution due to missing validations of the lang and defstring parameters in the /site-structure/localizer/save-string/:lang/:defstring endpoint, which can lead to setting the keys and value of the cfgStrings object. This allows an attacker to add or modify properties of the Object prototype that can result in several logic issues:

  1. RCE vulnerabilities by polluting the tempRootFolder property

  2. SQL injection vulnerabilities by polluting the schema property when using PostgreSQL database.

##Workaround Users who are not able to upgrade to the fixed version are advised to check the values of the lang and defstring parameters against dangerous properties like __proto__, constructor, prototype.

How to fix Prototype Pollution?

Upgrade @saltcorn/server to version 1.0.0-beta.14 or higher.

<1.0.0-beta.14
  • M
Exposure of Information Through Directory Listing

@saltcorn/server is a Server app for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing due to missing validations of the build_dir_name parameter. This allows an attacker with admin permission to view files and directories on the filesystem.

Note: It is possible to only see file and directory names but not to download their content.

##Workaround Users who are not able to upgrade to the fixed version are advised to resolve the buildDir and check if it starts with ${rootFolder.location}/mobile_app.

How to fix Exposure of Information Through Directory Listing?

Upgrade @saltcorn/server to version 1.0.0-beta.14 or higher.

<1.0.0-beta.14