FreeTAKServer@1.5.10.1 vulnerabilities

An open source server for the TAK family of applications.

Known vulnerabilities in the FreeTAKServer package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) FreeTAKServer is an An open source server for the TAK family of applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the `addSysteUser` , `file_hash`, `read_yaml_config` methods and `username` parameter. How to fix Cross-site Scripting (XSS)? Upgrade `FreeTAKServer` to version 2.0.21 or higher.	[,2.0.21)
H Use of Hard-coded Credentials FreeTAKServer is an An open source server for the TAK family of applications. Affected versions of this package are vulnerable to Use of Hard-coded Credentials. This package contains a hardcoded Flask secret key that allows attackers to create crafted cookies to bypass authentication or escalate privileges. How to fix Use of Hard-coded Credentials? Upgrade `FreeTAKServer` to version 1.9.8.5 or higher.	[,1.9.8.5)
H Improper Access Control FreeTAKServer is an An open source server for the TAK family of applications. Affected versions of this package are vulnerable to Improper Access Control in the component `/ManageRoute/postRoute` which allows unauthenticated attackers to cause a Denial of Service via an unusually large amount of created routes, or create unsafe or false routes for legitimate users. How to fix Improper Access Control? Upgrade `FreeTAKServer` to version 1.9.8.6 or higher.	[0,1.9.8.6)