deepseek-tui 0.8.3

Direct Vulnerabilities

Known vulnerabilities in the deepseek-tui package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Server-side Request Forgery (SSRF) deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `fetch_url` process. An attacker can gain unauthorized access to internal resources by supplying a specially crafted IPv6 URL, such as `http://[::1]`, which bypasses hostname validation. How to fix Server-side Request Forgery (SSRF)? Upgrade `deepseek-tui` to version 0.8.26 or higher.	<0.8.26
H Arbitrary Code Injection deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Arbitrary Code Injection via the `run_tests` process. An attacker can execute arbitrary code by introducing malicious test code into a repository, which is then automatically executed without user approval when tests are run. This is only exploitable if a repository contains malicious test code and the system is configured to auto-approve test execution. How to fix Arbitrary Code Injection? Upgrade `deepseek-tui` to version 0.8.23 or higher.	<0.8.23
H Server-side Request Forgery (SSRF) deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `fetch_url` process. An attacker can access sensitive internal resources by supplying a URL that redirects to restricted IP addresses, bypassing security checks through automatic HTTP redirects. How to fix Server-side Request Forgery (SSRF)? Upgrade `deepseek-tui` to version 0.8.22 or higher.	<0.8.22

Vulnerability

Vulnerable Version

Server-side Request Forgery (SSRF)

deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetch_url process. An attacker can gain unauthorized access to internal resources by supplying a specially crafted IPv6 URL, such as http://[::1], which bypasses hostname validation.

How to fix Server-side Request Forgery (SSRF)?

Upgrade deepseek-tui to version 0.8.26 or higher.

<0.8.26

Arbitrary Code Injection

deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the run_tests process. An attacker can execute arbitrary code by introducing malicious test code into a repository, which is then automatically executed without user approval when tests are run. This is only exploitable if a repository contains malicious test code and the system is configured to auto-approve test execution.

How to fix Arbitrary Code Injection?

Upgrade deepseek-tui to version 0.8.23 or higher.

<0.8.23

Server-side Request Forgery (SSRF)

deepseek-tui is an Install and run deepseek and deepseek-tui binaries from GitHub release artifacts.

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the fetch_url process. An attacker can access sensitive internal resources by supplying a URL that redirects to restricted IP addresses, bypassing security checks through automatic HTTP redirects.

How to fix Server-side Request Forgery (SSRF)?

Upgrade deepseek-tui to version 0.8.22 or higher.

<0.8.22

deepseek-tui@0.8.3

Deprecated. Renamed to `codewhale`. Run `npm install -g codewhale` instead.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically