raneto@0.6.0 vulnerabilities

Markdown powered Knowledgebase

Direct Vulnerabilities

Known vulnerabilities in the raneto package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • High severity
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via a crafted payload injected into the Search parameter.

How to fix Denial of Service (DoS)?

Upgrade raneto to version 0.17.1 or higher.

Vulnerable versions: <0.17.1
  • Medium severity
Insecure Defaults

Affected versions of this package are vulnerable to Insecure Defaults. The default password is "password", and there are no password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.

How to fix Insecure Defaults?

Upgrade raneto to version 0.17.1 or higher.

Vulnerable versions: <0.17.1
  • Medium severity
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper content sanitization. Exploiting this vulnerability is possible by uploading a markdown file with malicious JavaScript.

How to fix Cross-site Scripting (XSS)?

Upgrade raneto to version 0.17.1 or higher.

Vulnerable versions: <0.17.1