Homepage

dbgate-api@6.4.3-alpha.1 vulnerabilities

Allows run DbGate data-manipulation scripts.

  • latest version

    6.6.0

  • first published

    4 years ago

  • latest version published

    7 days ago

  • licenses detected

    • GPL-3.0
      >=1.0.0 <3.9.6-alpha.7; >=5.3.3
  • View dbgate-api package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the dbgate-api package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary File Write via Archive Extraction (Zip Slip)

    dbgate-api is an Allows run DbGate data-manipulation scripts.

    Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via insufficient validation of file paths and types in the reader function. An attacker can access arbitrary files on the system, including sensitive files, by submitting crafted requests that specify unauthorized file paths.

    How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

    There is no fixed version for dbgate-api.

    *
    • H
    Arbitrary File Write via Archive Extraction (Zip Slip)

    dbgate-api is an Allows run DbGate data-manipulation scripts.

    Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the file parameter in the /uploads/get endpoint. An attacker can access arbitrary files on the system by supplying a crafted path to this parameter, potentially exposing sensitive data.

    How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

    Upgrade dbgate-api to version 6.5.0 or higher.

    <6.5.0
    Go back to all versions of this package