stigmem-node@0.9.0a3

Stigmem reference node — single-host production implementation

  • latest version

    0.9.0a12

  • latest non-vulnerable version

  • first published

    1 month ago

  • latest version published

    16 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the stigmem-node package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability / Vulnerable Version
    • Severity: High
    Authorization Bypass Through User-Controlled Key

    stigmem-node is a Stigmem reference node — single-host production implementation

    Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the issue_tombstone process and the read-suppression path, where tenant scoping is not properly enforced. An attacker can access or suppress data belonging to other tenants by submitting requests that exploit the lack of tenant isolation. This is only exploitable if the deployment is configured with the stigmem-plugin-multi-tenant plugin enabled, allowing multiple tenants on a single node.

    How to fix Authorization Bypass Through User-Controlled Key?

    Upgrade stigmem-node to version 0.9.0a12 or higher.

    Vulnerable versions: [,0.9.0a12)
    • Severity: High
    Incorrect Authorization

    stigmem-node is a Stigmem reference node — single-host production implementation

    Affected versions of this package are vulnerable to Incorrect Authorization in the run_decay_sweep process. An attacker can access or modify data belonging to other tenants by initiating a decay sweep with a write credential for one tenant, which acts on all tenants' facts due to missing tenant scoping. This is only exploitable if the deployment is running the opt-in stigmem-plugin-multi-tenant configuration.

    How to fix Incorrect Authorization?

    Upgrade stigmem-node to version 0.9.0a12 or higher.

    Vulnerable versions: [,0.9.0a12)
    • Severity: High
    Incorrect Authorization

    stigmem-node is a Stigmem reference node — single-host production implementation

    Affected versions of this package are vulnerable to Incorrect Authorization in the quarantine route handlers (routes/quarantine.py). An attacker can access and modify other tenants' quarantined data by sending requests to the /v1/quarantine list and admit/reject endpoints, which do not enforce tenant isolation. This is only exploitable if the deployment is running the opt-in stigmem-plugin-multi-tenant configuration.

    How to fix Incorrect Authorization?

    Upgrade stigmem-node to version 0.9.0a12 or higher.

    Vulnerable versions: [,0.9.0a12)