vantage6@4.2.0 vulnerabilities

vantage6 command line interface

Direct Vulnerabilities

Known vulnerabilities in the vantage6 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Race Condition

vantage6 is the vantage6 command line interface.

Affected versions of this package are vulnerable to Race Condition via the API routes /recover/lost and /2fa/lost, which are designed to assist users in recovering lost passwords or MFA tokens. An attacker can determine the existence of specific usernames within the system by observing differences in response times or by the specific error message "Failed to login" that is returned if the username exists.

How to fix Race Condition?

Upgrade vantage6 to version 4.3.0 or higher.

Vulnerable versions: [,4.3.0)
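
The enumeration pattern described above, shown beside a uniform-response form. This is an added example, not vantage6 code; it assumes a recovery route that takes a username and password, and the user store, the handler names and every message except "Failed to login" are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

# Constructed sample user store: username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy credential so an unknown username costs the same hashing work.
_DUMMY = (os.urandom(16), os.urandom(32))
GENERIC = (200, "If the details are valid, a recovery email has been sent.")
SENT = []  # stands in for the mail queue

def recover_leaky(username: str, password: str):
    """Reply and work done depend on whether the username exists."""
    if username not in USERS:
        return (404, "Unknown user")      # constructed; returns before hashing
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return (401, "Failed to login")   # only reachable for a real username
    SENT.append(username)
    return (200, "Recovery email sent")

def recover_uniform(username: str, password: str):
    """Same status, body and hashing work for every outcome."""
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if ok and username in USERS:
        SENT.append(username)
    return GENERIC

def distinguishable(handler, known: str, unknown: str) -> bool:
    """Regression check: do wrong-password replies differ by username?"""
    return handler(known, "wrong") != handler(unknown, "wrong")

if __name__ == "__main__":
    print("leaky handler distinguishable:", distinguishable(recover_leaky, "alice", "mallory"))
    print("uniform handler distinguishable:", distinguishable(recover_uniform, "alice", "mallory"))
```

The `distinguishable` check covers the response body and status only; response-time differences need a separate statistical measurement against the deployed route.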
  • M
Incorrect Authorization

vantage6 is the vantage6 command line interface.

Affected versions of this package are vulnerable to Incorrect Authorization due to overly permissive CORS settings. An attacker can exploit this vulnerability by sending requests from unauthorized origins, potentially leading to unauthorized actions or data exposure.

How to fix Incorrect Authorization?

Upgrade vantage6 to version 4.3.0 or higher.

Vulnerable versions: [,4.3.0)