buildbot@0.8.4 vulnerabilities

The Continuous Integration Framework

  • latest version

    4.2.0

  • latest non vulnerable version

  • first published

    17 years ago

  • latest version published

    12 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the buildbot package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    CRLF injection

    buildbot is a continuous integration framework for automating software build, test, and release processes.

    Affected versions of this package are vulnerable to CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.

    How to fix CRLF injection?

    Upgrade buildbot to version 1.8.1 or higher.

    [,1.8.1)
    • H
    Timing Attack

    buildbot is an open-source continuous integration framework for automating software build, test, and release processes.

    Affected versions of this package are vulnerable to Timing Attack. It implemented a character to character comparison !=, and not a time constant string comparison. An attacker can use this difference to perform a timing attack, essentially allowing them to guess the encryption key one character at a time.

    How to fix Timing Attack?

    Upgrade buildbot to version 1.3.0 or higher.

    [,1.3.0)