apprise@1.9.3

Push Notifications that work with just about every platform!

  • latest version

    1.12.0

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    9 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the apprise package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Insertion of Sensitive Information Into Sent Data

    apprise is an Apprise - Push Notifications that work with just about every platform!.

    Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the HTTP-based notification plugins and HTTP attachment/config loaders when authentication headers and query parameters are resent during HTTP redirects. An attacker can obtain sensitive information such as authentication tokens and service keys by intercepting these values if they control a redirecting endpoint or are positioned on the network path.

    How to fix Insertion of Sensitive Information Into Sent Data?

    Upgrade apprise to version 1.11.0 or higher.

    [,1.11.0)