fprime-gds@3.2.1a1 vulnerabilities

F Prime Flight Software Ground Data System layer

3.6.1

3 years ago

2 months ago

Known vulnerabilities in the fprime-gds package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) fprime-gds is a F Prime Flight Software Ground Data System layer Affected versions of this package are vulnerable to Cross-site Scripting (XSS) on the Run Commands table. An attacker can execute scripts in the context of the browser by injecting malicious strings as `cmdDisp.CMD_NO_OP_STRING`. How to fix Cross-site Scripting (XSS)? There is no fixed version for `fprime-gds`.	[0,)
H Insecure Defaults fprime-gds is a F Prime Flight Software Ground Data System layer Affected versions of this package are vulnerable to Insecure Defaults by repeated invocation of `send_command()`, which can overflow the queue and consume excessive memory. How to fix Insecure Defaults? There is no fixed version for `fprime-gds`.	[0,)
M Cross-site Scripting (XSS) fprime-gds is a F Prime Flight Software Ground Data System layer Affected versions of this package are vulnerable to Cross-site Scripting (XSS) by uploading a malicious Vue file as a `cmdDisp.CMD_NO_OP_STRING` in the Dashboard tab. How to fix Cross-site Scripting (XSS)? There is no fixed version for `fprime-gds`.	[0,)