freetakserver-ui@0.1.7.9 vulnerabilities

an optional UI for FreeTAKServer

latest version

2.2.1
first published

4 years ago
latest version published

5 months ago
licenses detected
- EPL-1.0
  [0.1.0,2.2)
View freetakserver-ui package health on Snyk Advisor Open this link in a new tab

Known vulnerabilities in the freetakserver-ui package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) FreeTAKServer-UI is an an optional UI for FreeTAKServer Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `Callsign` parameter. How to fix Cross-site Scripting (XSS)? There is no fixed version for `FreeTAKServer-UI`.	[0,)
M SQL Injection FreeTAKServer-UI is an an optional UI for FreeTAKServer Affected versions of this package are vulnerable to SQL Injection via the API endpoint `/AuthenticateUser`. How to fix SQL Injection? There is no fixed version for `FreeTAKServer-UI`.	[0,)
H Information Exposure FreeTAKServer-UI is an an optional UI for FreeTAKServer Affected versions of this package are vulnerable to Information Exposure due to leakage of sensitive API and Websocket keys. How to fix Information Exposure? There is no fixed version for `FreeTAKServer-UI`.	[0,)
H Directory Traversal FreeTAKServer-UI is an an optional UI for FreeTAKServer Affected versions of this package are vulnerable to Directory Traversal due to improper sanitizing the `?filename=` argument of the route `/DataPackageTable`. This vulnerability allows attackers to place arbitrary files anywhere on the system. How to fix Directory Traversal? There is no fixed version for `FreeTAKServer-UI`.	[0,)