raneto@0.16.2 vulnerabilities
Markdown powered Knowledgebase
-
latest version
0.17.8
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
9 months ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the raneto package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
raneto is a Markdown powered Knowledgebase Affected versions of this package are vulnerable to Denial of Service (DoS) via a crafted payload injected into the Search parameter. How to fix Denial of Service (DoS)? Upgrade |
<0.17.1
|
raneto is a Markdown powered Knowledgebase Affected versions of this package are vulnerable to Insecure Defaults. The default password is "password," and there are no password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. How to fix Insecure Defaults? Upgrade |
<0.17.1
|
raneto is a Markdown powered Knowledgebase Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper content sanitization. Exploiting this vulnerability is possible by uploading a markdown file with malicious JavaScript. How to fix Cross-site Scripting (XSS)? Upgrade |
<0.17.1
|