aiosyslogd@0.2.12 vulnerabilities

Asynchronous Syslog server using asyncio, with an optional uvloop integration and SQLite backend.

  • latest version

    1.1.1

  • latest non vulnerable version

  • first published

    8 months ago

  • latest version published

    1 day ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the aiosyslogd package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • [M] Cross-site Scripting (XSS)

    aiosyslogd is an Asynchronous Syslog server using asyncio, with an optional uvloop integration and SQLite backend.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dynamic log message highlighter in index.html. An attacker can execute arbitrary JavaScript by injecting crafted log messages containing HTML or script tags, as the highlighter uses innerHTML without proper sanitization when rendering log content. This allows malicious scripts to run in the browser context of users viewing the logs, potentially enabling session hijacking, credential theft, or unauthorized actions.

    How to fix Cross-site Scripting (XSS)?

    Upgrade aiosyslogd to version 1.0.4 or higher.

    Vulnerable versions: [,1.0.4)
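The weak pattern described in the advisory (log text interpolated into markup that is then assigned to innerHTML) next to a hardened highlighter, as an added example that is not aiosyslogd's own code. The function names and the sample log line are hypothetical and constructed for illustration.

```javascript
// Added example: names are hypothetical, not taken from aiosyslogd.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Weak: the raw log message is wrapped in markup without escaping, so any
// tags it carries are parsed once the result is assigned to innerHTML.
function highlightUnsafe(message, term) {
  const re = new RegExp(escapeRegExp(term), "gi");
  return message.replace(re, (m) => `<mark>${m}</mark>`);
}

// Hardened: match against the raw text, escape every segment on output, and
// let <mark> be the only markup the function itself ever emits.
function highlightSafe(message, term) {
  const text = String(message);
  if (!term) return escapeHtml(text);
  const re = new RegExp(escapeRegExp(term), "gi");
  let out = "";
  let last = 0;
  for (const match of text.matchAll(re)) {
    out += escapeHtml(text.slice(last, match.index));
    out += `<mark>${escapeHtml(match[0])}</mark>`;
    last = match.index + match[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Constructed sample log line containing markup (not from a real log).
const SAMPLE = "sshd: failed login for <img src=x onerror=alert(1)> from 10.0.0.5";

console.log(highlightUnsafe(SAMPLE, "failed")); // tag survives intact
console.log(highlightSafe(SAMPLE, "failed"));   // tag rendered as inert text
```

Matching before escaping also keeps a search term such as `amp` from highlighting the inside of an `&amp;` entity. Where no highlighting is needed, assigning the message through `textContent` avoids HTML parsing altogether.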