gun@0.3.97 vulnerabilities

A realtime, decentralized, offline-first, graph data synchronization engine.

Direct Vulnerabilities

Known vulnerabilities in the gun package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Directory Traversal

gun is an ecosystem of tools that let you build community run and encrypted applications.

Affected versions of this package are vulnerable to Directory Traversal. Using curl --path-as-is allowed reads on any parent directory or files.

PoC

curl -v --path-as-is 'http://localhost:8080/gun/../../.env'

How to fix Directory Traversal?

Upgrade gun to version 0.2019.416 or higher.

<0.2019.416
  • M
Information Exposure

gun is an ecosystem of tools that let you build community run and encrypted applications.

Affected versions of this package are vulnerable to Information Exposure. Using curl --path-as-is allowed reads on any parent directory or files.

How to fix Information Exposure?

Upgrade gun to version 0.2019.416 or higher.

<0.2019.416