raneto@0.6.0 vulnerabilities

Markdown powered Knowledgebase

  • latest version

    0.17.8

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    9 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the raneto package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H (High severity)
    Denial of Service (DoS)

    raneto is a Markdown powered Knowledgebase

    Affected versions of this package are vulnerable to Denial of Service (DoS) via a crafted payload injected into the Search parameter.

    How to fix Denial of Service (DoS)?

    Upgrade raneto to version 0.17.1 or higher.

    Vulnerable versions: <0.17.1
    • M (Medium severity)
    Insecure Defaults

    Affected versions of this package are vulnerable to Insecure Defaults. The default password is "password", and there are no password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.

    How to fix Insecure Defaults?

    Upgrade raneto to version 0.17.1 or higher.

    Vulnerable versions: <0.17.1
    • M (Medium severity)
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper content sanitization. Exploiting this vulnerability is possible by uploading a Markdown file with malicious JavaScript.

    How to fix Cross-site Scripting (XSS)?

    Upgrade raneto to version 0.17.1 or higher.

    Vulnerable versions: <0.17.1