orchest@0.3.11 vulnerabilities

SDK for Orchest

Direct Vulnerabilities

Known vulnerabilities in the orchest package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Cross-site Request Forgery (CSRF)

orchest is a SDK for Orchest

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the handle_login() function in views.py, which allows users to take control of an instance due to not sufficiently authenticating cookies.

How to fix Cross-site Request Forgery (CSRF)?

A fix was pushed into the master branch but not yet published.

[0,)
  • C
Directory Traversal

orchest is a SDK for Orchest

Affected versions of this package are vulnerable to Directory Traversal due to improper input sanitization passed through the os.path.join call to the send_file function.

How to fix Directory Traversal?

A fix was pushed into the master branch but not yet published.

[0,)