vantage6@4.0.0a10 vulnerabilities
vantage6 command line interface
-
latest version
4.4.1
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
5 days ago
-
licenses detected
- [3.3.0a0,)
Direct Vulnerabilities
Known vulnerabilities in the vantage6 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Race Condition via the API routes How to fix Race Condition? Upgrade |
[,4.3.0)
|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Incorrect Authorization due to overly permissive CORS settings. An attacker can exploit this vulnerability by sending requests from unauthorized origins, potentially leading to unauthorized actions or data exposure. How to fix Incorrect Authorization? Upgrade |
[,4.3.0)
|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information due to insufficient validation of encryption settings when creating tasks in an encrypted collaboration. An attacker can inadvertently store sensitive input data unencrypted in the database by creating a task without the proper encryption setting. How to fix Insecure Storage of Sensitive Information? Upgrade |
[,4.2.0)
|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Improper Access Control due to insecure default SSH configurations for node and server containers. An attacker can gain unauthorized root access with password authentication by exploiting this misconfiguration. Note: This is only exploitable if the SSH service is exposed, which is not the case in a proper deployment. How to fix Improper Access Control? Upgrade |
[,4.2.0)
|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper handling of algorithm environment variables. An attacker can execute arbitrary code by injecting malicious input into these variables. How to fix Arbitrary Code Injection? Upgrade |
[,4.2.0)
|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the How to fix Deserialization of Untrusted Data? Upgrade |
[,4.0.2)
|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor when a collaboration is deleted, the linked resources such as tasks from that collaboration should also be deleted. An attacker can potentially see results of the deleted collaboration in some cases by creating a new collaboration with the same id as the deleted one. This is only exploitable if a new collaboration is created with the same id as a previously deleted collaboration. How to fix Exposure of Sensitive Information to an Unauthorized Actor? Upgrade |
[,4.0.0)
|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Incorrect Authorization through the How to fix Incorrect Authorization? Upgrade |
[,4.0.0)
|
vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Incorrect Authorization when the How to fix Incorrect Authorization? Upgrade |
[,4.0.0)
|