6.0.0
14 years ago
2 years ago
Known vulnerabilities in the mezzanine package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel due to the manipulation of the How to fix Authentication Bypass Using an Alternate Path or Channel? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the admin panel. How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) as the admin does not use CSRF token for forms. How to fix Cross-site Request Forgery (CSRF)? Upgrade | [,0.10.5) |
Affected versions of this package are vulnerable to Insecure Defaults due to How to fix Insecure Defaults? Upgrade | [,1.4.8) |
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows remote attackers to execute arbitrary code via the How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |
mezzanine is a content management platform. Affected versions of this package are vulnerable to Information Exposure. The password reset url is exposed to untrusted intermediary nodes in the network. How to fix Information Exposure? Upgrade | [,4.3.0) |