Homepage

openviking@0.3.6

An Agent-native context database

  • latest version

    0.3.19

  • latest non vulnerable version

    0.3.19

  • first published

    3 months ago

  • latest version published

    14 hours ago

  • licenses detected

  • View openviking package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the openviking package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Not Failing Securely ('Failing Open')

    openviking is an An Agent-native context database

    Affected versions of this package are vulnerable to Not Failing Securely ('Failing Open') via the VikingBot OpenAPI HTTP route when the api_key configuration value is unset or empty. An attacker can invoke privileged bot-control functionality, including submitting attacker-controlled prompts, creating or using bot sessions, and accessing downstream tools, integrations, secrets, or data accessible to the bot by sending requests without a valid X-API-Key header.

    How to fix Not Failing Securely ('Failing Open')?

    Upgrade openviking to version 0.3.9 or higher.

    [,0.3.9)
    Go back to all versions of this package