Homepage

authbwc@0.1.3 vulnerabilities

A user authentication and authorization component for the BlazeWeb framework

  • latest version

    0.3.3

  • latest non vulnerable version

    0.3.3

  • first published

    14 years ago

  • latest version published

    4 years ago

  • licenses detected

  • View authbwc package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the authbwc package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Access Restriction Bypass

    authbwc is a user authentication and authorization component for the BlazeWeb framework.

    Affected versions of this package are vulnerable to Access Restriction Bypass via the password reset process. It allowed inactive users to login.

    [,0.3.1)
    • L
    Privilege Escalation

    authbwc is a user authentication and authorization component for the BlazeWeb framework.

    Affected versions of this package are vulnerable to Privilege Escalation. It was possible for a user to gain the permissions of the user logged in previously due to the way the HTTP session user permissions were loaded. A malicious user can log in after an admin has been logged in and not logged out, and gain their privileges.

    [,0.1.4)
    Go back to all versions of this package