signalk-server 2.19.0-beta.4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the signalk-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Directory Traversal signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the `validateAppId` function. An attacker can access arbitrary files and directories outside the intended directory by supplying specially crafted input containing backslashes as directory separators on Windows systems. This may allow reading, writing, or listing sensitive files with the privileges of the authenticated user. How to fix Directory Traversal? Upgrade `signalk-server` to version 2.20.3 or higher.	<2.20.3
C Authentication Bypass Using an Alternate Path or Channel signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the `startServerEvents` and `queryRequest` functions. When `allow_readonly` is enabled, an unauthenticated attacker can obtain authentication tokens for any user by enumerating WebSocket events to discover access request IDs and then polling the access request status endpoint to retrieve issued tokens. How to fix Authentication Bypass Using an Alternate Path or Channel? Upgrade `signalk-server` to version 2.19.0-beta.5 or higher.	<2.19.0-beta.5
H Arbitrary Code Injection signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Arbitrary Code Injection via the `appstore.js` REST API endpoint, which allows the installation of npm packages using unsanitized version specifiers. An administrator can execute arbitrary commands on the server by supplying a malicious package source containing a crafted `postinstall` script. The package source is passed in as a version specifier, which is valid according to npm specifications, and loads the malicious code upon install. How to fix Arbitrary Code Injection? Upgrade `signalk-server` to version 2.19.0-beta.5 or higher.	<2.19.0-beta.5
H Allocation of Resources Without Limits or Throttling signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `/signalk/v1/access/requests` endpoint. An attacker can cause the server to exhaust memory resources and crash by sending a large number of unauthenticated POST requests containing large payloads. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `signalk-server` to version 2.19.0-beta.5 or higher.	<2.19.0-beta.5
H Improper Control of Dynamically-Managed Code Resources signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the `restoreFilePath` global variable, which can be manipulated through the `/skServer/validateBackup` endpoint. An attacker with the relevant access, can gain unauthorized administrative access and execute arbitrary system commands by uploading a crafted backup file and leveraging the restore process to overwrite critical configuration files. How to fix Improper Control of Dynamically-Managed Code Resources? Upgrade `signalk-server` to version 2.19.0-beta.5 or higher.	<2.19.0-beta.5
M Information Exposure signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Information Exposure via the exposed endpoints `/skServer/serialports`, `/skServer/availablePaths`, and `/skServer/hasAnalyzer` that are not protected by authentication middleware. An unauthenticated attacker can access sensitive system information, including the full data schema, connected serial devices, and installed analyzer tools. How to fix Information Exposure? Upgrade `signalk-server` to version 2.19.0-beta.5 or higher.	<2.19.0-beta.5
L User Impersonation signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to User Impersonation via the access request system. An attacker can obtain elevated privileges and impersonate trusted devices by submitting misleading descriptions, spoofing internal IP addresses through the `X-Forwarded-For` header, and requesting higher permissions than indicated. This increases the likelihood of administrator approval through social engineering. How to fix User Impersonation? Upgrade `signalk-server` to version 2.19.0-beta.5 or higher.	<2.19.0-beta.5

Vulnerability

Vulnerable Version

Directory Traversal

signalk-server is an An implementation of a Signal K server for boats.

Affected versions of this package are vulnerable to Directory Traversal via improper validation in the validateAppId function. An attacker can access arbitrary files and directories outside the intended directory by supplying specially crafted input containing backslashes as directory separators on Windows systems. This may allow reading, writing, or listing sensitive files with the privileges of the authenticated user.

How to fix Directory Traversal?

Upgrade signalk-server to version 2.20.3 or higher.

<2.20.3

Authentication Bypass Using an Alternate Path or Channel

signalk-server is an An implementation of a Signal K server for boats.

Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the startServerEvents and queryRequest functions. When allow_readonly is enabled, an unauthenticated attacker can obtain authentication tokens for any user by enumerating WebSocket events to discover access request IDs and then polling the access request status endpoint to retrieve issued tokens.

How to fix Authentication Bypass Using an Alternate Path or Channel?