Homepage
About Snyk

conan@1.14.4 vulnerabilities

Conan C/C++ package manager

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the conan package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Authorization

conan is a Conan C/C++ package manager

Affected versions of this package are vulnerable to Improper Authorization in the server's authorization mechanism, by the check_read_conan, check_write_conan, and check_delete_conan methods in the authorize() function, as well as via authentication checks in file_downloader() and file_uploader() functions. This allows users to bypass permission checks if the package owner's username matches their own.

Note: This is exploitable only by an authenticated user who owns a package.

How to fix Improper Authorization?

Upgrade conan to version 2.9.0 or higher.

[,2.9.0)
Go back to all versions of this package