dbgate-api@6.5.4 vulnerabilities

Allows running DbGate data-manipulation scripts.

  • latest version

    6.6.0

  • first published

    4 years ago

  • latest version published

    7 days ago

  • licenses detected

    • >=1.0.0 <3.9.6-alpha.7; >=5.3.3
  • Direct Vulnerabilities

    Known vulnerabilities in the dbgate-api package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Arbitrary File Write via Archive Extraction (Zip Slip)

    dbgate-api is a package that allows running DbGate data-manipulation scripts.

    Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to insufficient validation of file paths and types in the reader function. An attacker can access arbitrary files on the system, including sensitive files, by submitting crafted requests that specify unauthorized file paths.

    How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

    There is no fixed version for dbgate-api.

    Vulnerable Version: *