dfir-unfurl@20241120 vulnerabilities

Unfurl takes a URL and expands ("unfurls") it into a directed graph

latest version

20250810

first published

5 years ago

latest version published

7 months ago

licenses detected

Apache-2.0
[0,)

View dfir-unfurl package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the dfir-unfurl package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Active Debug Code dfir-unfurl is an Unfurl takes a URL and expands ("unfurls") it into a directed graph Affected versions of this package are vulnerable to Active Debug Code due to improper parsing of the `debug` configuration value, which is always interpreted as truthy and enables the Werkzeug debugger regardless of intended settings. An attacker can gain access to sensitive information and potentially execute arbitrary code by accessing the exposed debugger interface if the service is accessible from outside the local environment. How to fix Active Debug Code? A fix was pushed into the `master` branch but not yet published.	[0,)
M Improper Handling of Highly Compressed Data (Data Amplification) dfir-unfurl is an Unfurl takes a URL and expands ("unfurls") it into a directed graph Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the `zlib.decompress` function in the compressed data parsing process. An attacker can exhaust system memory and cause the service to crash by submitting a specially crafted, highly compressed payload that expands to a very large size upon decompression. How to fix Improper Handling of Highly Compressed Data (Data Amplification)? There is no fixed version for `dfir-unfurl`.	[0,)

Active Debug Code

dfir-unfurl is an Unfurl takes a URL and expands ("unfurls") it into a directed graph

Affected versions of this package are vulnerable to Active Debug Code due to improper parsing of the debug configuration value, which is always interpreted as truthy and enables the Werkzeug debugger regardless of intended settings. An attacker can gain access to sensitive information and potentially execute arbitrary code by accessing the exposed debugger interface if the service is accessible from outside the local environment.

How to fix Active Debug Code?

A fix was pushed into the master branch but not yet published.

[0,)

Improper Handling of Highly Compressed Data (Data Amplification)

dfir-unfurl is an Unfurl takes a URL and expands ("unfurls") it into a directed graph

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the zlib.decompress function in the compressed data parsing process. An attacker can exhaust system memory and cause the service to crash by submitting a specially crafted, highly compressed payload that expands to a very large size upon decompression.

How to fix Improper Handling of Highly Compressed Data (Data Amplification)?

There is no fixed version for dfir-unfurl.

[0,)

Go back to all versions of this package