@saltcorn/server@0.9.6-beta.17 vulnerabilities
Server app for Saltcorn, open-source no-code platform
-
latest version
1.0.0
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
a day ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @saltcorn/server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? Upgrade |
<1.0.0-beta.16
|
@saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the event log handling mechanism. An attacker can manipulate the output of the event logs and execute arbitrary scripts in the context of the user's browser by injecting malicious payloads into the event data that is not properly sanitized before being displayed. How to fix Cross-site Scripting (XSS)? Upgrade |
<1.0.0-beta.16
|
@saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Directory Traversal due to missing sanitization of the How to fix Directory Traversal? Upgrade |
<1.0.0-beta.14
|
@saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Prototype Pollution due to missing validations of the
##Workaround
Users who are not able to upgrade to the fixed version are advised to check the values of the How to fix Prototype Pollution? Upgrade |
<1.0.0-beta.14
|
@saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing due to missing validations of the Note: It is possible to only see file and directory names but not to download their content. ##Workaround
Users who are not able to upgrade to the fixed version are advised to resolve the How to fix Exposure of Information Through Directory Listing? Upgrade |
<1.0.0-beta.14
|