alerta-server@5.2.2 vulnerabilities
Alerta server WSGI application
-
latest version
9.0.4
-
first published
10 years ago
-
latest version published
3 months ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the alerta-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
alerta-server is an Alerta server WSGI application Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
[0,)
|
alerta-server is an Alerta server WSGI application Affected versions of this package are vulnerable to Authentication Bypass. Users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. How to fix Authentication Bypass? Upgrade |
[,7.5.7)
[8.0.0,8.1.0)
|