Homepage

cloudinary@1.29.1 vulnerabilities

Cloudinary NPM for node.js integration

  • latest version

    2.8.0

  • latest non vulnerable version

    2.8.0

  • first published

    13 years ago

  • latest version published

    28 days ago

  • licenses detected

  • View cloudinary package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the cloudinary package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary Argument Injection

    cloudinary is a Cloudinary NPM for node.js integration

    Affected versions of this package are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing security checks, altering data, or manipulating the application's behavior.

    Note: Following our established security policy, we attempted to contact the maintainer regarding this vulnerability, but haven't received a response.

    How to fix Arbitrary Argument Injection?

    Upgrade cloudinary to version 2.7.0 or higher.

    <2.7.0
    Go back to all versions of this package