Homepage

conan@1.66.0 vulnerabilities

Conan C/C++ package manager

  • latest version

    2.11.0

  • latest non vulnerable version

    2.11.0

  • first published

    8 years ago

  • latest version published

    8 days ago

  • licenses detected

  • View conan package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the conan package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Improper Authorization

    conan is a Conan C/C++ package manager

    Affected versions of this package are vulnerable to Improper Authorization in the server's authorization mechanism, by the check_read_conan, check_write_conan, and check_delete_conan methods in the authorize() function, as well as via authentication checks in file_downloader() and file_uploader() functions. This allows users to bypass permission checks if the package owner's username matches their own.

    Note: This is exploitable only by an authenticated user who owns a package.

    How to fix Improper Authorization?

    Upgrade conan to version 2.9.0 or higher.

    [,2.9.0)
    Go back to all versions of this package