firefighter-incident@0.0.50

Incident Management tool made for Slack using Django

  • latest version

    0.0.54

  • latest non vulnerable version

  • first published

    2 years ago

  • latest version published

    17 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the firefighter-incident package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable Version
    • Server-side Request Forgery (SSRF) (severity: High)

    firefighter-incident is an Incident Management tool made for Slack using Django

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CreateJiraBotView class. An attacker can access internal resources and exfiltrate sensitive data by submitting crafted requests to the unauthenticated endpoint, causing the server to fetch arbitrary URLs and upload their contents as attachments.

    Note: This is only exploitable if the deployment does not enforce IMDSv2 on EC2/EKS nodes.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade firefighter-incident to version 0.0.54 or higher.

    Vulnerable versions: [,0.0.54)
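As an added illustration, not code from the firefighter-incident project, this is the kind of target check a view that fetches user-supplied URLs and stores the response as an attachment should apply before making the request (in addition to requiring authentication on the endpoint): only http(s), every address the host resolves to must be public, and hosts that map to the instance metadata address, loopback or other internal ranges are refused. The function names and the sample DNS table are assumptions constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample DNS table so the example runs offline; 93.184.216.34 is a
# public address used here as sample data, the hostnames are made up.
SAMPLE_DNS = {
    "jira.example.com": {"93.184.216.34"},
    # A host whose records mix a public and an IMDS address must be refused.
    "rebind.example.com": {"93.184.216.34", "169.254.169.254"},
}

def sample_resolver(host):
    """Constructed resolver: table lookup, or the literal IP itself."""
    return SAMPLE_DNS.get(host, {host})

def system_resolver(host):
    # Collect every A/AAAA answer, not just the first one returned.
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(ip):
    """True for any address a server should never fetch on a user's behalf."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparsable address: fail closed
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so the IPv4 rules apply.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)

def validate_attachment_url(url, resolver=system_resolver):
    """Return (allowed, reason); reject anything that is not a public http(s) target."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        addrs = resolver(parts.hostname)
    except (socket.gaierror, UnicodeError) as exc:
        return False, f"cannot resolve {parts.hostname!r}: {exc}"
    for ip in addrs:
        if is_internal(ip):
            return False, f"{parts.hostname!r} resolves to non-public address {ip}"
    # Callers should connect to one of the validated addresses rather than
    # re-resolving the name, so a later DNS answer cannot swap in an internal IP.
    return True, "ok"
```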