alerta-server@7.3.1 vulnerabilities

Alerta server WSGI application

Direct Vulnerabilities

Known vulnerabilities in the alerta-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

alerta-server is an Alerta server WSGI application

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the full name field.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for alerta-server.

[0,)
  • H
Authentication Bypass

alerta-server is an Alerta server WSGI application

Affected versions of this package are vulnerable to Authentication Bypass. Users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider.

How to fix Authentication Bypass?

Upgrade alerta-server to version 7.5.7, 8.1.0 or higher.

[,7.5.7) [8.0.0,8.1.0)