effectify 0.1.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the effectify package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Authorization Bypass Through User-Controlled Key effectify is an Utility library that bridges Effect-ts with various utilities and projects, such as Astro! Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the `getUsers` process. An attacker can access sensitive owner account information, such as IDs, usernames, display names, and email addresses, by supplying a crafted `rank` query parameter while authenticated as an admin. This allows bypassing intended authorization boundaries and retrieving privileged user data. How to fix Authorization Bypass Through User-Controlled Key? Upgrade `effectify` to version 0.2.0 or higher.	<0.2.0
M Authorization Bypass Through User-Controlled Key effectify is an Utility library that bridges Effect-ts with various utilities and projects, such as Astro! Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the `create-reset-link` process. An attacker can gain unauthorized access to higher-privileged accounts by generating a password reset token for any user, including those with greater privileges, and then resetting their password using the token. How to fix Authorization Bypass Through User-Controlled Key? Upgrade `effectify` to version 0.2.0 or higher.	<0.2.0

Vulnerability

Vulnerable Version

Authorization Bypass Through User-Controlled Key

effectify is an Utility library that bridges Effect-ts with various utilities and projects, such as Astro!

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the getUsers process. An attacker can access sensitive owner account information, such as IDs, usernames, display names, and email addresses, by supplying a crafted rank query parameter while authenticated as an admin. This allows bypassing intended authorization boundaries and retrieving privileged user data.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade effectify to version 0.2.0 or higher.

<0.2.0

Authorization Bypass Through User-Controlled Key

effectify is an Utility library that bridges Effect-ts with various utilities and projects, such as Astro!

Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the create-reset-link process. An attacker can gain unauthorized access to higher-privileged accounts by generating a password reset token for any user, including those with greater privileges, and then resetting their password using the token.

How to fix Authorization Bypass Through User-Controlled Key?

Upgrade effectify to version 0.2.0 or higher.

<0.2.0

effectify@0.1.1 vulnerabilities

Utility library that bridges Effect-ts with various utilities and projects, such as Astro!

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically