ckan@2.7.8 vulnerabilities
CKAN Software
- latest version: 2.11.0
- latest non vulnerable version:
- first published: 18 years ago
- latest version published: 3 months ago
- licenses detected: [0.11,)
Direct Vulnerabilities
Known vulnerabilities in the ckan package. This does not include vulnerabilities belonging to this package’s dependencies.
ckan is the world's leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu but also regional, research and community organizations. It makes it easy to publish, share and find data online and is fully customizable via extensions and plugins.

| Vulnerability | Vulnerable Version |
|---|---|
| Information Exposure Through an Error Message: affected versions of this package are vulnerable due to the error handling mechanism in the How to fix Information Exposure Through an Error Message? Upgrade | [2.0,2.10.5) |
| Cross-site Scripting (XSS): affected versions of this package are vulnerable via the How to fix Cross-site Scripting (XSS)? Upgrade | [2.7.0,2.10.5) |
| Server-Side Request Forgery (SSRF): affected versions of this package are vulnerable due to missing checks via the use of CKAN plugins, including How to fix Server-Side Request Forgery (SSRF)? Upgrade | [,2.10.5) |
| Improper Output Neutralization for Logs: affected versions of this package are vulnerable because the user endpoint does not filter an incoming parameter, which was added directly to the application log. An attacker can inject false log entries or corrupt the log file format by sending crafted input. How to fix Improper Output Neutralization for Logs? Upgrade | [,2.9.11), [2.10.0,2.10.4) |
| Improper Authorization: affected versions of this package are vulnerable such that the These issues allow an attacker to perform code execution or privilege escalation if an arbitrary file write bug was available. How to fix Improper Authorization? Upgrade | [,2.9.9), [2.10.0,2.10.1) |
| Improper Handling of Length Parameter Inconsistency: affected versions of this package are vulnerable via the Note: This is only exploitable if the user has permissions to create or edit datasets. How to fix Improper Handling of Length Parameter Inconsistency? Upgrade | [2.0,2.9.10), [2.10.0,2.10.3) |
| Arbitrary File Upload: a user with permissions to create or edit a dataset can upload a resource with a specially crafted resource ID to write the uploaded file to an arbitrary location using path traversal. The arbitrary file write is in the This may enable remote code execution via Beaker's insecure pickle loading when configured to use the file session store backend. Denial of service may be possible by passing a resource ID of excessive length. How to fix Arbitrary File Upload? Upgrade | [,2.9.9), [2.10.0,2.10.1) |
| Access Restriction Bypass: when creating a new container based on one of the Docker images listed below, the same secret key was used by default. If the users didn't set a custom value via environment variables in the The affected images are: How to fix Access Restriction Bypass? Upgrade | [,2.8.12), [2.9.0,2.9.7) |
| Improper Access Control: affected versions of this package are vulnerable when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts. How to fix Improper Access Control? Upgrade | [,2.9.7) |