omero-web@5.25.0 vulnerabilities


Direct Vulnerabilities

Known vulnerabilities in the omero-web package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Input Validation

omero-web is an OMERO.web

Affected versions of this package are vulnerable to Improper Input Validation via the callback parameter. An attacker can exploit this vulnerability by passing a maliciously crafted payload to various endpoints with JSONP enabled.

How to fix Improper Input Validation?

Upgrade omero-web to version 5.26.0 or higher.