caffeinated-whale-cli@0.11.6 vulnerabilities

A CLI tool to help manage Frappe Docker instances.

  • latest version

    0.21.1

  • first published

    4 months ago

  • latest version published

    2 days ago

  • Direct Vulnerabilities

    Known vulnerabilities in the caffeinated-whale-cli package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • [M] Incorrect Default Permissions

    caffeinated-whale-cli is a CLI tool to help manage Frappe Docker instances.

    Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure file permissions. The cache directory and database file are created without enforcing restrictive access controls, causing them to inherit permissive default permissions. An attacker can exploit this by accessing these files on the same system, allowing unauthorized retrieval of cached credentials, API keys, or other sensitive data.

    How to fix Incorrect Default Permissions?

    Upgrade caffeinated-whale-cli to version 0.14.0 or higher.

    [,0.14.0)
    • [C] Command Injection

    caffeinated-whale-cli is a CLI tool to help manage Frappe Docker instances.

    Affected versions of this package are vulnerable to Command Injection due to improper validation and sanitization of user-supplied site names and bench path inputs in the unlock command. The command constructs shell calls using these values without neutralizing shell metacharacters. An attacker can exploit this by providing crafted input containing characters such as ;, &, |, or $ to execute arbitrary system commands with the privileges of the running process.

    How to fix Command Injection?

    Upgrade caffeinated-whale-cli to version 0.14.0 or higher.

    [,0.14.0)
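Both findings above come down to the same two defensive habits: pass user-controlled values as an argv list with no shell in between, and set file modes explicitly instead of trusting the umask. The Python below is an added illustration written for this page, not code from caffeinated-whale-cli or its 0.14.0 fix; the `bench ... unlock` argv, the `cache.db` file name and all inputs are constructed assumptions.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Hostname-style allow-list: shell metacharacters such as ; & | $ never match it.
SITE_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

def validate_site_name(site: str) -> str:
    if not SITE_NAME_RE.fullmatch(site):
        raise ValueError(f"invalid site name: {site!r}")
    return site

def validate_bench_path(bench: str, allowed_root: Path) -> Path:
    """Resolve the path and require it to live under an operator-chosen root."""
    root, resolved = allowed_root.resolve(), Path(bench).resolve()
    if resolved != root and root not in resolved.parents:
        raise ValueError(f"bench path escapes allowed root: {bench!r}")
    return resolved

def build_unlock_argv(site: str, bench: str, allowed_root: Path) -> list:
    """Hypothetical argv; run it with subprocess.run(argv) (shell=False), never a string."""
    return ["bench", "--site", validate_site_name(site), "unlock",
            "--bench-path", str(validate_bench_path(bench, allowed_root))]

def rejects(site: str, bench: str, allowed_root: Path) -> bool:
    try:
        build_unlock_argv(site, bench, allowed_root)
        return False
    except ValueError:
        return True

def create_private_cache(cache_dir: Path) -> Path:
    """Create the cache dir 0700 and its database file 0600 regardless of umask."""
    cache_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    os.chmod(cache_dir, 0o700)  # mkdir's mode argument is umask-masked; enforce it
    db_path = cache_dir / "cache.db"
    os.close(os.open(db_path, os.O_CREAT | os.O_WRONLY, 0o600))
    os.chmod(db_path, 0o600)  # same for O_CREAT: fix the mode after creation
    return db_path

def demo() -> dict:
    work = Path(tempfile.mkdtemp())  # throwaway directory with constructed inputs
    root, bench = work / "benches", work / "benches" / "alpha"
    bench.mkdir(parents=True)
    db = create_private_cache(work / "cache")
    return {"argv": build_unlock_argv("alpha.localhost", str(bench), root),
            "bad_site": rejects("alpha; echo hi", str(bench), root),
            "bad_bench": rejects("alpha", str(work / "elsewhere"), root),
            "dir_mode": stat.S_IMODE(db.parent.stat().st_mode),
            "db_mode": stat.S_IMODE(db.stat().st_mode)}
```

The explicit `chmod` calls matter because both `mkdir(mode=...)` and `os.open(..., mode)` are still masked by the process umask, which is exactly how the permissive defaults in the first advisory arise.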