Homepage
About Snyk

cruddl@1.7.1-ttl-statistics.1 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the cruddl package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Input Validation

cruddl is a npm version Build Status [![Package Quality](https://npm.

Affected versions of this package are vulnerable to Improper Input Validation. If it is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL queries that will be forwarded to and executed by ArangoDB. Note: Schemas that do not use @flexSearchFulltext are not affected, and an attacker needs to have READ permission to at least one root entity type that has @flexSearchFulltext enabled.

How to fix Improper Input Validation?

Upgrade cruddl to version 2.7.0, 3.0.1 or higher.

>=1.1.0 <2.7.0 >=3.0.0 <3.0.1
Go back to all versions of this package