@saltcorn/server@1.0.0-beta.14 vulnerabilities

Server app for Saltcorn, open-source no-code platform

Direct Vulnerabilities

Known vulnerabilities in the @saltcorn/server package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Directory Traversal

@saltcorn/server is a Server app for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to Directory Traversal via the sync/clean_sync_dir endpoint due to improper sanitization of dir_name POST parameter. An attacker can delete arbitrary files on the server by sending a crafted request with manipulated directory paths.

How to fix Directory Traversal?

Upgrade @saltcorn/server to version 1.0.0-beta.16 or higher.

<1.0.0-beta.16
  • M
Cross-site Scripting (XSS)

@saltcorn/server is a Server app for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the event log handling mechanism. An attacker can manipulate the output of the event logs and execute arbitrary scripts in the context of the user's browser by injecting malicious payloads into the event data that is not properly sanitized before being displayed.

How to fix Cross-site Scripting (XSS)?

Upgrade @saltcorn/server to version 1.0.0-beta.16 or higher.

<1.0.0-beta.16