buildbot@0.9.6 vulnerabilities
The Continuous Integration Framework
-
latest version
3.11.2
-
latest non vulnerable version
-
first published
17 years ago
-
latest version published
2 days ago
-
licenses detected
- [0.7.3,2.4.0)
Direct Vulnerabilities
Known vulnerabilities in the buildbot package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
buildbot is a continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to Credentials Disclosure. Buildbot accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can authenticate as the victim. How to fix Credentials Disclosure? Upgrade |
[0.9.5,1.8.2)
[2.0.0,2.3.1)
|
buildbot is a continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to CRLF injection in the Location header of How to fix CRLF injection? Upgrade |
[,1.8.1)
|
buildbot is an open-source continuous integration framework for automating software build, test, and release processes. Affected versions of this package are vulnerable to Timing Attack. It implemented a character to character comparison How to fix Timing Attack? Upgrade |
[,1.3.0)
|