0.3.2
10 years ago
4 years ago
Known vulnerabilities in the buttle package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
buttle is a simple static file (+ markdown) server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows to execute arbitrary code due to unsafe rendering of markdown files. How to fix Cross-site Scripting (XSS)? There is no fixed version for | * |
buttle is a simple static file (+ markdown) server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Due to lack of filenames sanitization, it is possible to inject a malicious iframe tag via filename and execute arbitrary JavaScript code. How to fix Cross-site Scripting (XSS)? There is no fixed version for | * |
buttle is a Simple static file (+ markdown) server. Affected versions of this package are vulnerable to Directory Traversal attacks. An attacker could read any file in the server. How to fix Directory Traversal? There is no fix version for | * |
buttle is a Simple static file (+ markdown) server. Affected versions of this package are vulnerable to Arbitrary Command Injection. When How to fix Arbitrary Command Injection? There is no fix version for | * |