misp-modules 3.0.7

Direct Vulnerabilities

Known vulnerabilities in the misp-modules package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Server-side Request Forgery (SSRF) misp-modules is a MISP modules are autonomous modules that can be used for expansion and other services in MISP Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the `html_to_markdown` and `qrcode` modules when handling remote resource fetching. An attacker can access internal network resources or intercept and manipulate network traffic by supplying crafted URLs or exploiting disabled TLS certificate verification. How to fix Server-side Request Forgery (SSRF)? A fix was pushed into the `master` branch but not yet published.	[0,)
C Cross-site Request Forgery (CSRF) misp-modules is a MISP modules are autonomous modules that can be used for expansion and other services in MISP Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the `home` blueprint, which was exempted from CSRF protection. An attacker can perform unauthorized actions in the context of an authenticated user by tricking them into submitting unintended requests to the affected endpoint. How to fix Cross-site Request Forgery (CSRF)? A fix was pushed into the `master` branch but not yet published.	[0,)

Vulnerability

Vulnerable Version

Server-side Request Forgery (SSRF)

misp-modules is a MISP modules are autonomous modules that can be used for expansion and other services in MISP

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the html_to_markdown and qrcode modules when handling remote resource fetching. An attacker can access internal network resources or intercept and manipulate network traffic by supplying crafted URLs or exploiting disabled TLS certificate verification.

How to fix Server-side Request Forgery (SSRF)?

A fix was pushed into the master branch but not yet published.

[0,)

Cross-site Request Forgery (CSRF)

misp-modules is a MISP modules are autonomous modules that can be used for expansion and other services in MISP

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the home blueprint, which was exempted from CSRF protection. An attacker can perform unauthorized actions in the context of an authenticated user by tricking them into submitting unintended requests to the affected endpoint.

How to fix Cross-site Request Forgery (CSRF)?

A fix was pushed into the master branch but not yet published.

[0,)

misp-modules@3.0.7

MISP modules are autonomous modules that can be used for expansion and other services in MISP

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically