vantage6@5.0.0rc10

vantage6 command line interface

  • latest version

    5.0.2

  • latest non vulnerable version

  • first published

    6 years ago

  • latest version published

    10 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the vantage6 package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Information Exposure

    vantage6 is a vantage6 command line interface

    Affected versions of this package are vulnerable to Information Exposure due to the use of default credentials for the initial administrative account. An attacker can gain unauthorized administrative access by logging in with the known default username and password.

    How to fix Information Exposure?

    Upgrade vantage6 to version 5.0.0 or higher.

    [,5.0.0)
    • M
    Access Control Bypass

    vantage6 is a vantage6 command line interface

    Affected versions of this package are vulnerable to Access Control Bypass due to improper restrictions in the node process. An attacker can access input and output files belonging to other algorithms by executing malicious code within algorithm containers.

    How to fix Access Control Bypass?

    Upgrade vantage6 to version 5.0.0 or higher.

    [,5.0.0)
    • L
    Denial of Service (DoS)

    vantage6 is a vantage6 command line interface

    Affected versions of this package are vulnerable to Denial of Service (DoS) through the email reset process. An attacker can cause a user's mailbox to be flooded with emails and potentially impact the SMTP server by repeatedly triggering password or MFA reset requests.

    How to fix Denial of Service (DoS)?

    Upgrade vantage6 to version 5.0.0 or higher.

    [,5.0.0)
    • M
    Use of Single-factor Authentication

    vantage6 is a vantage6 command line interface

    Affected versions of this package are vulnerable to Use of Single-factor Authentication through the password reset and 2FA token reset processes. An attacker can gain unauthorized access to user accounts by compromising the associated email account and using it to reset both the password and the 2FA token, effectively bypassing multi-factor authentication.

    How to fix Use of Single-factor Authentication?

    Upgrade vantage6 to version 5.0.0 or higher.

    [,5.0.0)