calipso@0.3.40 vulnerabilities
A NodeJS CMS
-
latest version
0.3.54
-
first published
13 years ago
-
latest version published
10 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the calipso package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
calipso is a Calipso is a simple NodeJS content management system based on Express, Connect & Mongoose. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). It is possible for a malicious module to overwrite files on an arbitrary file system through the module install functionality. PoC
How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? There is no fixed version for |
*
|