keyring@0.9.3 vulnerabilities

Store and access your passwords safely.

Direct Vulnerabilities

Known vulnerabilities in the keyring package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Incorrect Default Permissions

Affected versions of this package are vulnerable to Incorrect Default Permissions. Keyring files are created with world-readable permissions.

How to fix Incorrect Default Permissions?

Upgrade keyring to version 0.10 or higher.

[,0.10)
  • M
Insecure Permissions

keyring is a Store and access your passwords safely. Affected versions of this package are vulnerable to Insecure permissions due to an incomplete fix for CVE-2012-5577.

It would create its configuration file world-readable which was fixed in CVE-2012-5577, however it only changed the permissions of an existing configuration file, which is incomplete.

How to fix Insecure Permissions?

Upgrade to version 0.10 or greater.

[0.9.2,0.10)