2.5.10
11 years ago
8 days ago
Known vulnerabilities in the webtorrent package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
webtorrent is a streaming torrent client for node.js and the browser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). If the torrent contains a specially crafted title or file name, and the user starts the WebTorrent HTTP server via How to fix Cross-site Scripting (XSS)? Upgrade | <0.107.6 |
webtorrent is a streaming torrent client for node.js and the browser. Affected versions of this package are vulnerable to DNS Rebinding. When the request hostname does not match the user-provided How to fix DNS Rebinding? Upgrade | <0.105.2 |