supervisor@3.3.0 vulnerabilities
A system for controlling process state under UNIX
-
latest version
4.2.5
-
latest non vulnerable version
-
first published
15 years ago
-
latest version published
2 years ago
-
licenses detected
- [2.0b1,3.0a1); [3.0a3,)
Direct Vulnerabilities
Known vulnerabilities in the supervisor package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor when the How to fix Exposure of Private Personal Information to an Unauthorized Actor? Upgrade |
[,4.0.4)
|
Affected versions of this package are vulnerable to Arbitrary Command Execution. A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to Details
PoCCreate a config file
Start supervisord in the foreground with that config file:
In a new terminal:
If the How to fix Arbitrary Command Execution? Upgrade |
[3.0a8,3.0.1)
[3.1.0,3.1.4)
[3.2.0,3.2.4)
[3.3.0,3.3.3)
|