freetakserver-ui@0.1.8.1.2 vulnerabilities

an optional UI for FreeTAKServer

Direct Vulnerabilities

Known vulnerabilities in the freetakserver-ui package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

FreeTAKServer-UI is an optional UI for FreeTAKServer.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Callsign parameter.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for FreeTAKServer-UI.

[0,)
  • M
SQL Injection

FreeTAKServer-UI is an optional UI for FreeTAKServer.

Affected versions of this package are vulnerable to SQL Injection via the API endpoint /AuthenticateUser.

How to fix SQL Injection?

There is no fixed version for FreeTAKServer-UI.

[0,)
  • H
Information Exposure

FreeTAKServer-UI is an optional UI for FreeTAKServer.

Affected versions of this package are vulnerable to Information Exposure due to leakage of sensitive API and Websocket keys.

How to fix Information Exposure?

There is no fixed version for FreeTAKServer-UI.

[0,)
  • H
Directory Traversal

FreeTAKServer-UI is an optional UI for FreeTAKServer.

Affected versions of this package are vulnerable to Directory Traversal due to improper sanitization of the ?filename= argument of the route /DataPackageTable. This vulnerability allows attackers to place arbitrary files anywhere on the system.

How to fix Directory Traversal?

There is no fixed version for FreeTAKServer-UI.

[0,)