Homepage

terriajs-server@3.0.0-test-3

NodeJS server for TerriaJS, consisting of a CORS proxy, proj4 CRS lookup service, and express static server.

  • latest version

    4.0.4

  • latest non vulnerable version

    5.0.0-alpha.2

  • first published

    10 years ago

  • latest version published

    2 months ago

  • licenses detected

  • View terriajs-server package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the terriajs-server package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Server-side Request Forgery (SSRF)

    terriajs-server is a basic NodeJS Express server that serves up a (not included) static TerriaJS-based site (such as National Map) with a few additional useful services.

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper validation in the proxyableDomains configuration. An attacker can bypass domain restrictions by registering a domain with a name that ends with an allowed domain and proxy unauthorized content through the server.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade terriajs-server to version 4.0.3 or higher.

    <4.0.3
    Go back to all versions of this package