Homepage
About Snyk

vantage6@4.2.0 vulnerabilities

vantage6 command line interface

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the vantage6 package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • L
Improper Access Control

vantage6 is a vantage6 command line interface

Affected versions of this package are vulnerable to Improper Access Control in the collaboration management process. An attacker can extend their influence by adding extra organizations to their collaboration and creating new users with known passwords, allowing them to read task results of other collaborations.

How to fix Improper Access Control?

Upgrade vantage6 to version 4.5.0rc3 or higher.

[,4.5.0rc3)
  • M
Race Condition

vantage6 is a vantage6 command line interface

Affected versions of this package are vulnerable to Race Condition via the API routes /recover/lost and /2fa/lost, which are designed to assist users in recovering lost passwords or MFA tokens. An attacker can determine the existence of specific usernames within the system by observing differences in response times or by the specific error message "Failed to login" that is returned if the username exists.

How to fix Race Condition?

Upgrade vantage6 to version 4.3.0 or higher.

[,4.3.0)
  • M
Incorrect Authorization

vantage6 is a vantage6 command line interface

Affected versions of this package are vulnerable to Incorrect Authorization due to overly permissive CORS settings. An attacker can exploit this vulnerability by sending requests from unauthorized origins, potentially leading to unauthorized actions or data exposure.

How to fix Incorrect Authorization?

Upgrade vantage6 to version 4.3.0 or higher.

[,4.3.0)
Go back to all versions of this package