Homepage

attic@0.11 vulnerabilities

Deduplicated backups

  • latest version

    0.16

  • latest non vulnerable version

    0.16

  • first published

    11 years ago

  • latest version published

    9 years ago

  • licenses detected

  • View attic package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the attic package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Decryption Attacks

    attic is a Deduplicated backups.

    Affected versions of this package are vulnerable to decryption attacks. It is possible for the client to determine whether to encrypt the sent data, via a query to the server. An attacker may disable the encryption by deleting the storage on the server and specifying encryption to be off. On the next automated backup, the client will send data unencrypted to the server, including passwords and passphrases.

    How to fix Decryption Attacks?

    Upgrade attic to version 0.15 or higher.

    [,0.15)
    Go back to all versions of this package