rdiffweb@2.5.2 vulnerabilities
A web interface to rdiff-backup repositories.
-
latest version
2.8.9
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the rdiffweb package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling by exploiting the lack of resource allocation limits or throttling when creating access tokens. How to fix Allocation of Resources Without Limits or Throttling? Upgrade |
[,2.8.4)
|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. There is no rate limit on the send report feature on the How to fix Allocation of Resources Without Limits or Throttling? Upgrade |
[,2.8.1)
|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) by allowing SSH key names formatted like URL strings to be automatically converted into links. How to fix Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)? Upgrade |
[,2.5.5)
|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Open Redirect by allowing an attacker to inject a malicious link when sending an email invitation. How to fix Open Redirect? Upgrade |
[,2.5.5)
|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Business Logic Errors such that if an attacker is able to add SSH key by any means, the user will remain unaware of this change. How to fix Business Logic Errors? Upgrade |
[,2.5.5)
|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to the How to fix Authentication Bypass by Primary Weakness? Upgrade |
[,2.5.5)
|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Access Control Bypass by allowing multiple users to authenticate with the same SSH key. How to fix Access Control Bypass? Upgrade |
[,2.5.5)
|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via How to fix Allocation of Resources Without Limits or Throttling? Upgrade |
[,2.5.5)
|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to insufficient checks in the How to fix Cross-site Request Forgery (CSRF)? Upgrade |
[,2.5.4)
|
rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Open Redirect due to improper validation of the header value, allowing the attacker to supply invalid input. How to fix Open Redirect? Upgrade |
[,2.5.4)
|