Known vulnerabilities in the stigmem-node package. This does not include vulnerabilities belonging to this package’s dependencies.
stigmem-node is a Stigmem reference node — single-host production implementation.

| Vulnerability | Vulnerable Version |
|---|---|
| Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the […]. Fix: upgrade. | [,0.9.0a12) |
| Affected versions of this package are vulnerable to Incorrect Authorization in the […]. Fix: upgrade. | [,0.9.0a12) |
| Affected versions of this package are vulnerable to Incorrect Authorization in the […]. Fix: upgrade. | [,0.9.0a12) |
| Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol in the plugin signature enforcement process. An attacker can execute unauthorized code by placing unsigned plugins in writable plugin directories when signature enforcement is disabled. This is only exploitable if the plugin directories are writable by less-trusted users and the configuration flag to disable signature enforcement is set. Fix: upgrade. | [,0.9.0a2) |
| Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the peer registration process. An attacker can impersonate a federation peer or intercept registration by submitting malicious key material, because neither explicit administrator approval nor out-of-band fingerprint verification is required. This is only exploitable if federation peer registration is exposed to untrusted networks and administrator approval is not enforced. Fix: upgrade. | [,0.9.0a2) |
| Affected versions of this package are vulnerable to Active Debug Code in the federation process when mTLS is explicitly disabled and the node is bound to a non-loopback URL. An attacker can intercept sensitive federation traffic by performing a network man-in-the-middle attack. This is only exploitable if federation is enabled, mTLS is disabled, and the node is configured to listen on a non-loopback interface. Fix: upgrade. | [,0.9.0a2) |
| Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to improper validation in the […]. Fix: upgrade. | [,0.9.0a2) |
| Affected versions of this package are vulnerable to Missing Authorization in deployments where authentication is disabled and the node is bound to a non-loopback URL. An attacker can gain unauthorized read, write, and federation access by connecting to the exposed service. This is only exploitable if authentication is intentionally disabled and the service is accessible from outside the local loopback interface. Fix: upgrade. | [,0.9.0a2) |
| Affected versions of this package are vulnerable to SQL Injection in the handling of Postgres schema identifiers due to improper quoting and interpolation into SQL strings. An attacker can execute arbitrary SQL commands by supplying crafted schema names. This is only exploitable if schema names are derived from untrusted sources such as request, tenant, header, or user input. Fix: upgrade. | [,0.9.0a2) |