gun@0.0.9-i vulnerabilities

A realtime, decentralized, offline-first, graph data synchronization engine.

  • latest version

    0.2020.1240

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    8 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the gun package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Directory Traversal

    gun is an ecosystem of tools that let you build community run and encrypted applications.

    Affected versions of this package are vulnerable to Directory Traversal. Using curl --path-as-is allowed reads on any parent directory or files.

    PoC

    curl -v --path-as-is 'http://localhost:8080/gun/../../.env'
    

    How to fix Directory Traversal?

    Upgrade gun to version 0.2019.416 or higher.

    <0.2019.416
    • M
    Information Exposure

    gun is an ecosystem of tools that let you build community run and encrypted applications.

    Affected versions of this package are vulnerable to Information Exposure. Using curl --path-as-is allowed reads on any parent directory or files.

    How to fix Information Exposure?

    Upgrade gun to version 0.2019.416 or higher.

    <0.2019.416