Vulnerability	Vulnerable Version
M Open Redirect @saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Open Redirect via the `is_relative_url` function. An attacker can redirect users to an external, attacker-controlled domain by crafting a malicious URL that exploits improper validation of the `dest` parameter in the login. Note: This can be achieved by tricking a user into clicking a specially crafted login link, leading to potential credential phishing or other social engineering attacks. How to fix Open Redirect? Upgrade `@saltcorn/server` to version 1.4.6, 1.5.6, 1.6.0-beta.5 or higher.	<1.4.6>=1.5.0-beta.0 <1.5.6>=1.6.0-alpha.0 <1.6.0-beta.5
H SQL Injection @saltcorn/server is a Server app for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to SQL Injection via the `getSyncRows` and `getDelRows` functions. An attacker can execute arbitrary SQL commands, exfiltrate sensitive data, modify or delete database contents, and escalate privileges by submitting crafted input to the affected endpoints. How to fix SQL Injection? Upgrade `@saltcorn/server` to version 1.4.6, 1.5.6, 1.6.0-beta.5 or higher.	<1.4.6>=1.5.0-beta.0 <1.5.6>=1.6.0-alpha.0 <1.6.0-beta.5

Open Redirect

@saltcorn/server is a Server app for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to Open Redirect via the is_relative_url function. An attacker can redirect users to an external, attacker-controlled domain by crafting a malicious URL that exploits improper validation of the dest parameter in the login.

Note: This can be achieved by tricking a user into clicking a specially crafted login link, leading to potential credential phishing or other social engineering attacks.

How to fix Open Redirect?

Upgrade @saltcorn/server to version 1.4.6, 1.5.6, 1.6.0-beta.5 or higher.

<1.4.6>=1.5.0-beta.0 <1.5.6>=1.6.0-alpha.0 <1.6.0-beta.5

SQL Injection

@saltcorn/server is a Server app for Saltcorn, open-source no-code platform

Affected versions of this package are vulnerable to SQL Injection via the getSyncRows and getDelRows functions. An attacker can execute arbitrary SQL commands, exfiltrate sensitive data, modify or delete database contents, and escalate privileges by submitting crafted input to the affected endpoints.

How to fix SQL Injection?

Upgrade @saltcorn/server to version 1.4.6, 1.5.6, 1.6.0-beta.5 or higher.

<1.4.6>=1.5.0-beta.0 <1.5.6>=1.6.0-alpha.0 <1.6.0-beta.5

Go back to all versions of this package