1.12.0
8 years ago
9 days ago
Known vulnerabilities in the apprise package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
apprise is an Apprise - Push Notifications that work with just about every platform!. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the HTTP-based notification plugins and HTTP attachment/config loaders when authentication headers and query parameters are resent during HTTP redirects. An attacker can obtain sensitive information such as authentication tokens and service keys by intercepting these values if they control a redirecting endpoint or are positioned on the network path. How to fix Insertion of Sensitive Information Into Sent Data? Upgrade | [,1.11.0) |