volttron-core@2.0.0rc2 vulnerabilities

VOLTTRON™ is an open source platform for distributed sensing and control. The platform provides services for collecting and storing data from buildings and devices and provides an environment for developing applications which interact with that data.

Direct Vulnerabilities

Known vulnerabilities in the volttron-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Authorization

volttron-core is a VOLTTRON™ is an open source platform for distributed sensing and control. The platform provides services for collecting and storing data from buildings and devices and provides an environment for developing applications which interact with that data.

Affected versions of this package are vulnerable to Improper Authorization in the configuration stores which allows unauthorized users to modify or delete configuration files.

How to fix Improper Authorization?

A fix was pushed into the master branch but not yet published.

[0,)