vantage6@4.2.0 vulnerabilities

vantage6 command line interface

latest version

4.4.1
latest non vulnerable version

4.4.1
first published

4 years ago
latest version published

4 days ago
licenses detected
- Unknown
  [3.3.0a0,)
View vantage6 package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the vantage6 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Race Condition vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Race Condition via the API routes `/recover/lost` and `/2fa/lost`, which are designed to assist users in recovering lost passwords or MFA tokens. An attacker can determine the existence of specific usernames within the system by observing differences in response times or by the specific error message "Failed to login" that is returned if the username exists. How to fix Race Condition? Upgrade `vantage6` to version 4.3.0 or higher.	[,4.3.0)
M Incorrect Authorization vantage6 is a vantage6 command line interface Affected versions of this package are vulnerable to Incorrect Authorization due to overly permissive CORS settings. An attacker can exploit this vulnerability by sending requests from unauthorized origins, potentially leading to unauthorized actions or data exposure. How to fix Incorrect Authorization? Upgrade `vantage6` to version 4.3.0 or higher.	[,4.3.0)

Race Condition

vantage6 is a vantage6 command line interface

Affected versions of this package are vulnerable to Race Condition via the API routes /recover/lost and /2fa/lost, which are designed to assist users in recovering lost passwords or MFA tokens. An attacker can determine the existence of specific usernames within the system by observing differences in response times or by the specific error message "Failed to login" that is returned if the username exists.

How to fix Race Condition?

Upgrade vantage6 to version 4.3.0 or higher.

[,4.3.0)

Incorrect Authorization

vantage6 is a vantage6 command line interface

Affected versions of this package are vulnerable to Incorrect Authorization due to overly permissive CORS settings. An attacker can exploit this vulnerability by sending requests from unauthorized origins, potentially leading to unauthorized actions or data exposure.

How to fix Incorrect Authorization?

Upgrade vantage6 to version 4.3.0 or higher.

[,4.3.0)

Go back to all versions of this package

vantage6@4.2.0 vulnerabilities

vantage6 command line interface

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities