ckan@2.10.1 vulnerabilities

CKAN Software

Direct Vulnerabilities

Known vulnerabilities in the ckan package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Improper Output Neutralization for Logs
Severity: M

ckan is the world's leading Open Source data portal platform.

It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu, as well as regional, research and community organizations.

It makes it easy to publish, share and find data online, and is fully customizable via extensions and plugins.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs because the user endpoint does not filter an incoming parameter before writing it directly to the application log. An attacker can inject false log entries or corrupt the log file format by sending crafted input.

How to fix Improper Output Neutralization for Logs?

Upgrade ckan to version 2.9.11, 2.10.4 or higher.

Vulnerable versions: [,2.9.11) [2.10.0,2.10.4)

Vulnerability: Improper Handling of Length Parameter Inconsistency
Severity: M

Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via the /dataset/new endpoint when a POST request containing a specially crafted field is submitted. An attacker can trigger an out-of-memory error on the hosting server by submitting a malicious payload.

Note: This is only exploitable if the user has permissions to create or edit datasets.

How to fix Improper Handling of Length Parameter Inconsistency?

Upgrade ckan to version 2.9.10, 2.10.3 or higher.

Vulnerable versions: [2.0,2.9.10) [2.10.0,2.10.3)