nautobot@1.6.18 vulnerabilities

Source of truth and network automation platform.

latest version

2.2.4
latest non vulnerable version

2.2.4
first published

3 years ago
latest version published

19 hours ago
licenses detected
- Apache-2.0
  [0,)
View nautobot package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the nautobot package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Cross-site Scripting (XSS) nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings. An attacker can manipulate web content and execute scripts in the context of the user's browser by injecting arbitrary HTML content into these settings. How to fix Cross-site Scripting (XSS)? Upgrade `nautobot` to version 1.6.22, 2.2.4 or higher.	[,1.6.22) [2.0.0,2.2.4)
M Cross-site Scripting (XSS) nautobot is a Source of truth and network automation platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling and escaping of user-provided query parameters. All filterable object-list views are vulnerable. How to fix Cross-site Scripting (XSS)? Upgrade `nautobot` to version 1.6.20, 2.2.3 or higher.	[1.5.0,1.6.20) [2.0.0,2.2.3)

Cross-site Scripting (XSS)

nautobot is a Source of truth and network automation platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings. An attacker can manipulate web content and execute scripts in the context of the user's browser by injecting arbitrary HTML content into these settings.

How to fix Cross-site Scripting (XSS)?

Upgrade nautobot to version 1.6.22, 2.2.4 or higher.

[,1.6.22) [2.0.0,2.2.4)

Cross-site Scripting (XSS)

nautobot is a Source of truth and network automation platform.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper handling and escaping of user-provided query parameters. All filterable object-list views are vulnerable.

How to fix Cross-site Scripting (XSS)?

Upgrade nautobot to version 1.6.20, 2.2.3 or higher.

[1.5.0,1.6.20) [2.0.0,2.2.3)

Go back to all versions of this package

nautobot@1.6.18 vulnerabilities

Source of truth and network automation platform.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities