apostrophe@2.227.9 vulnerabilities

The Apostrophe Content Management System.

latest version

4.9.0
latest non vulnerable version

4.9.0
first published

12 years ago
latest version published

3 days ago
licenses detected
- MIT
  >=0
View apostrophe package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the apostrophe package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) apostrophe is a content management system (CMS) for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) which is triggered once the image module that an editor uploaded as SVG file which contains malicious JavaScript, is viewed. How to fix Cross-site Scripting (XSS)? Upgrade `apostrophe` to version 3.4.0 or higher.	>=2.63.0 <3.4.0
H Insufficient Session Expiration apostrophe is a content management system (CMS) for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerable to Insufficient Session Expiration which allows unauthenticated remote attackers to hijack recently logged-in users' sessions. Note: this only works if user switch locales after cutting. How to fix Insufficient Session Expiration? Upgrade `apostrophe` to version 3.4.0 or higher.	>=2.63.0 <3.4.0

Cross-site Scripting (XSS)

apostrophe is a content management system (CMS) for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) which is triggered once the image module that an editor uploaded as SVG file which contains malicious JavaScript, is viewed.

How to fix Cross-site Scripting (XSS)?

Upgrade apostrophe to version 3.4.0 or higher.

>=2.63.0 <3.4.0

Insufficient Session Expiration

Affected versions of this package are vulnerable to Insufficient Session Expiration which allows unauthenticated remote attackers to hijack recently logged-in users' sessions.

Note: this only works if user switch locales after cutting.

How to fix Insufficient Session Expiration?

Upgrade apostrophe to version 3.4.0 or higher.

>=2.63.0 <3.4.0

Go back to all versions of this package

apostrophe@2.227.9 vulnerabilities

The Apostrophe Content Management System.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities