Homepage
About Snyk

aleksis-core@2.1.dev0 vulnerabilities

AlekSIS (School Information System) — Core

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the aleksis-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Access Restriction Bypass

aleksis-core is a This is the core of the AlekSIS framework and the official distribution (see below). It bundles functionality for all apps, and utilities for developers and administrators.

Affected versions of this package are vulnerable to Access Restriction Bypass in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin which allows attackers to access arbitrary scopes if no allowed scopes are specifically set.

How to fix Access Restriction Bypass?

Upgrade aleksis-core to version 2.9 or higher.

[,2.9)
Go back to all versions of this package