rdiffweb@2.4.6 vulnerabilities
A web interface to rdiff-backup repositories.
- latest version: 2.8.9
- latest non-vulnerable version:
- first published: 7 years ago
- latest version published: a month ago
- licenses detected: [0,)
Direct Vulnerabilities
Known vulnerabilities in the rdiffweb package. This does not include vulnerabilities belonging to this package’s dependencies.
| Vulnerability | Vulnerable Version | How to fix |
|---|---|---|
| Open Redirect, which allows attackers to reroute users to any website of their choice, potentially enabling phishing attacks. | [,2.5.1) | Upgrade |
| Allocation of Resources Without Limits or Throttling: there are no resource allocation limits or throttling when creating access tokens. | [,2.8.4) | Upgrade |
| Allocation of Resources Without Limits or Throttling: there is no rate limit on the send report feature on the | [,2.8.1) | Upgrade |
| Failure to Sanitize Special Elements into a Different Plane (Special Element Injection): SSH key names formatted like URL strings are automatically converted into links. | [,2.5.5) | Upgrade |
| Open Redirect: an attacker can inject a malicious link when sending an email invitation. | [,2.5.5) | Upgrade |
| Business Logic Errors: if an attacker is able to add an SSH key by any means, the user remains unaware of this change. | [,2.5.5) | Upgrade |
| Authentication Bypass by Primary Weakness due to the | [,2.5.5) | Upgrade |
| Access Control Bypass: multiple users can authenticate with the same SSH key. | [,2.5.5) | Upgrade |
| Allocation of Resources Without Limits or Throttling via | [,2.5.5) | Upgrade |
| Cross-site Request Forgery (CSRF) due to insufficient checks in the | [,2.5.4) | Upgrade |
| Open Redirect due to improper validation of the header value, allowing the attacker to supply invalid input. | [,2.5.4) | Upgrade |
| Improper Privilege Management: an attacker can perform unauthorized actions even after the permissions have been removed from the attacker-controlled account. | [,2.5.2) | Upgrade |
| Missing Authentication for Critical Function: an attacker can bypass 2FA verification and restrict a user from accessing their account. | [,2.5.0) | Upgrade |
| Insufficient Session Expiration: active sessions are not expired after a password change, so old sessions remain active in other browsers or devices. | [,2.5.0a8) | Upgrade |
| Business Logic Errors in the multi-factor authentication functionality. | [,2.5.0a7) | Upgrade |
| Insufficient Session Expiration due to missing predefined timeouts, which allows an attacker to steal the user session on a shared computer. | [,2.5.0a7) | Upgrade |
| Allocation of Resources Without Limits or Throttling due to missing checks in the login, MFA, password change and API functionalities. | [,2.5.0a7) | Upgrade |
| Allocation of Resources Without Limits or Throttling due to the absence of a maximum number of requests per hour on sensitive endpoints. | [,2.5.0a7) | Upgrade |
| Origin Validation Error due to missing checks in | [,2.5.0a7) | Upgrade |
| Open Redirect: an attacker can inject a malicious link when sending an email invitation. | [,2.5.0a7) | Upgrade |
| Directory Traversal: an attacker can access the | [,2.4.10) | Upgrade |
| Weak Password Requirements: during a password reset, a user is allowed to set a new password identical to the previous one. | [,2.5.0a7) | Upgrade |
| Allocation of Resources Without Limits or Throttling due to a missing limit on the password change feature, which allows an attacker to brute-force the old password and set a new password for the account. | [,2.5.0a7) | Upgrade |
| Allocation of Resources Without Limits or Throttling via the | [,2.5.0a7) | Upgrade |
| Allocation of Resources Without Limits or Throttling via | [,2.5.0a7) | Upgrade |
| Use of Cache Containing Sensitive Information due to improper cache control, which allows an attacker to view sensitive information without being logged into the account. | [,2.4.9) | Upgrade |
| Weak Password Requirements due to improper filtering of blank spaces in a password, allowing an attacker to bypass the password complexity policy. | [,2.4.9) | Upgrade |
| Improper Handling of Length Parameter Inconsistency due to insufficient checks on user input parameters: an attacker can set a large email address, leading to memory corruption or a possible DoS attack. | [,2.4.8) | Upgrade |
| Improper Handling of Length Parameter Inconsistency due to insufficient checks on user input parameters: an attacker can set a | [,2.4.8) | Upgrade |
| Allocation of Resources Without Limits or Throttling due to insufficient checks on user input parameters: an attacker can set a | [,2.4.8) | Upgrade |
| Allocation of Resources Without Limits or Throttling due to no length limit on user input parameters such as the root directory name. | [,2.4.8) | Upgrade |
| Improper Cleanup on Thrown Exception: the web page reflects an invalid path, which allows an attacker to inject malicious data into a page of the application to feed misleading information to its users. | [2.4.6,2.4.8) | Upgrade |
| Session Fixation: when disconnecting from the application, the application continues to use the | [,2.4.7) | Upgrade |
| Cross-site Request Forgery (CSRF) by changing the | [0,2.4.7) | Upgrade |
| Cross-site Request Forgery (CSRF), which makes it possible for an attacker to change the settings of a repository by sending a URL to the victim. | [,2.4.7) | Upgrade |