conan@0.21.1 vulnerabilities

Conan C/C++ package manager

Direct Vulnerabilities

Known vulnerabilities in the conan package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Authorization

conan is a Conan C/C++ package manager

Affected versions of this package are vulnerable to Improper Authorization in the server's authorization mechanism, by the check_read_conan, check_write_conan, and check_delete_conan methods in the authorize() function, as well as via authentication checks in file_downloader() and file_uploader() functions. This allows users to bypass permission checks if the package owner's username matches their own.

Note: This is exploitable only by an authenticated user who owns a package.

How to fix Improper Authorization?

Upgrade conan to version 2.9.0 or higher.

[,2.9.0)