Homepage

gun@0.9.9999991 vulnerabilities

A realtime, decentralized, offline-first, graph data synchronization engine.

  • latest version

    0.2020.1241

  • latest non vulnerable version

    0.2020.1241

  • first published

    11 years ago

  • latest version published

    4 months ago

  • licenses detected

  • View gun package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the gun package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Directory Traversal

    gun is an ecosystem of tools that let you build community run and encrypted applications.

    Affected versions of this package are vulnerable to Directory Traversal. Using curl --path-as-is allowed reads on any parent directory or files.

    PoC

    curl -v --path-as-is 'http://localhost:8080/gun/../../.env'

    How to fix Directory Traversal?

    Upgrade gun to version 0.2019.416 or higher.

    <0.2019.416
    • M
    Information Exposure

    gun is an ecosystem of tools that let you build community run and encrypted applications.

    Affected versions of this package are vulnerable to Information Exposure. Using curl --path-as-is allowed reads on any parent directory or files.

    How to fix Information Exposure?

    Upgrade gun to version 0.2019.416 or higher.

    <0.2019.416
    Go back to all versions of this package