spotipy@2.10.0 vulnerabilities

A lightweight Python library for the Spotify Web API

  • latest version

    2.25.2

  • latest non vulnerable version

  • first published

    15 years ago

  • latest version published

    17 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the spotipy package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable Version
    • Low severity: Cross-site Scripting (XSS)

    spotipy is a lightweight Python library for the Spotify Web API.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the RequestHandler.do_GET function, due to the error parameter in the OAuth callback server. An attacker can execute arbitrary JavaScript in the user's browser by injecting malicious code during the authentication process.

    How to fix Cross-site Scripting (XSS)?

    Upgrade spotipy to version 2.25.2 or higher.

    Vulnerable versions: [,2.25.2)
    • High severity: Incorrect Default Permissions

    spotipy is a lightweight Python library for the Spotify Web API.

    Affected versions of this package are vulnerable to Incorrect Default Permissions via the CacheHandler class. An attacker can gain unauthorized access to administrative actions on the Spotify account by reading the Spotify auth token exposed in the file created by the CacheHandler class with the rw-r--r-- (644) default permissions.

    How to fix Incorrect Default Permissions?

    Upgrade spotipy to version 2.25.1 or higher.

    Vulnerable versions: [,2.25.1)
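    The defensive counterpart to the CacheHandler issue above, as an added example that is not spotipy's own code: a token cache written with an explicit 0600 mode at creation time, plus an audit check for caches left world-readable by older versions. The helper names and the sample token are constructed for this illustration.

```python
import json
import os
import stat
import tempfile

# Added example, not part of spotipy. The cached OAuth token grants access to
# the Spotify account, so the cache file must not inherit the process umask
# default (typically rw-r--r-- / 644). Helper names and data are constructed.


def write_token_cache(path: str, token_info: dict) -> int:
    """Write token_info as JSON to path, readable by the owner only (0600).

    Passing the mode to os.open applies 0600 at creation, so there is no
    window in which a freshly created file is world-readable before a chmod.
    Returns the resulting permission bits for verification.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(token_info, fh)
    # A pre-existing file keeps its old mode; tighten it explicitly.
    os.chmod(path, 0o600)
    return stat.S_IMODE(os.stat(path).st_mode)


def is_token_cache_exposed(path: str) -> bool:
    """Return True if the cache file is readable by group or others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_demo() -> tuple:
    """Write a hardened cache and a legacy 644 cache; return the audit results."""
    sample = {"access_token": "CONSTRUCTED_SAMPLE", "token_type": "Bearer"}
    with tempfile.TemporaryDirectory() as tmp:
        safe = os.path.join(tmp, ".cache-safe")
        safe_mode = write_token_cache(safe, sample)
        # Simulate a cache left behind with the vulnerable default permissions.
        legacy = os.path.join(tmp, ".cache-legacy")
        with open(legacy, "w") as fh:
            json.dump(sample, fh)
        os.chmod(legacy, 0o644)
        return safe_mode, is_token_cache_exposed(safe), is_token_cache_exposed(legacy)


if __name__ == "__main__":
    mode, safe_exposed, legacy_exposed = audit_demo()
    print(oct(mode), safe_exposed, legacy_exposed)  # 0o600 False True
```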
    • Medium severity: Directory Traversal

    spotipy is a lightweight Python library for the Spotify Web API.

    Affected versions of this package are vulnerable to Directory Traversal due to improper input validation. If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended, which can contain

    How to fix Directory Traversal?

    Upgrade spotipy to version 2.22.1 or higher.

    Vulnerable versions: [,2.22.1)