@studiocms/s3-storage@0.2.1 vulnerabilities
Add S3 Storage Support into your StudioCMS project.
latest version
0.3.1
latest non vulnerable version
first published
2 months ago
latest version published
9 days ago
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @studiocms/s3-storage package. This does not include vulnerabilities belonging to this package’s dependencies.
Fix vulnerabilities automatically
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
@studiocms/s3-storage is an Add S3 Storage Support into your StudioCMS project. Affected versions of this package are vulnerable to Incorrect Authorization via the S3ApiService POST/PUT handlers in the S3 storage manager. An attacker can gain full S3 file management (upload, delete, rename, list) by invoking those endpoints as a visitor because the async How to fix Incorrect Authorization? Upgrade | <0.3.1 |
@studiocms/s3-storage is an Add S3 Storage Support into your StudioCMS project. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the How to fix Authorization Bypass Through User-Controlled Key? Upgrade | <0.3.1 |