4.0.1
Known vulnerabilities in the terriajs-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
terriajs-server is a basic NodeJS Express server that serves up a (not included) static TerriaJS-based site (such as National Map) with a few additional useful services. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). If an attacker has access to a server whitelisted by the terriajs-server proxy or if the attacker is able to modify the DNS records of a domain whitelisted by the terriajs-server proxy, the attacker can use the terriajs-server proxy to access any HTTP-accessible resources that are accessible to the server, including private resources in the hosting environment. How to fix Server-Side Request Forgery (SSRF)? Upgrade | <2.7.4 |
terriajs-server is a basic NodeJS Express server that serves up a (not included) static TerriaJS-based site (such as National Map) with a few additional useful services. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). Once an attacker has access to a server whitelisted by the terriajs-server proxy, or the attacker is able to modify the DNS records of a domain whitelisted by the terriajs-server proxy, the terriajs-server proxy can be used to access any HTTP resources accessible to the server, including private data in the hosting environment. How to fix Server-Side Request Forgery (SSRF)? Upgrade | <2.7.4 |