2.4.0
19 years ago
5 months ago
Known vulnerabilities in the roundup package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the How to fix Cross-site Scripting (XSS)? Upgrade | [,2.4.0) |
roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via JavaScript in PDF, XML, and SVG documents. An attacker can inject malicious scripts that may be executed in the context of the user's session by embedding them into the affected document types. How to fix Cross-site Scripting (XSS)? Upgrade | [,2.4.0) |
roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HTTP How to fix Cross-site Scripting (XSS)? Upgrade | [,2.4.0) |
roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Timing Attack via the How to fix Timing Attack? Upgrade | [,2.1.0b1) |
roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Improper Access Control due to the usage of the 'Access-Control-Allow-Credentials' header when using REST. Exploiting this vulnerability allows unauthorized third-party websites to use a user's credentials to access information in the tracker that is not publicly available. How to fix Improper Access Control? Upgrade | [,2.3.0b2) |
roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces. Affected versions of this package are vulnerable to Cross-site Scripting (XSS)
via the URI because How to fix Cross-site Scripting (XSS)? Upgrade | [0,2.0.0) |