web.py@0.35 vulnerabilities

web.py: makes web apps

Direct Vulnerabilities

Known vulnerabilities in the web.py package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
SQL Injection

Affected versions of this package are vulnerable to SQL Injection via db.select which uses limit and offset values directly in the query.

How to fix SQL Injection?

Upgrade web.py to version 0.39 or higher.

[,0.39)
  • M
Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via id field during form rendering.

How to fix Cross-site Scripting (XSS)?

Upgrade web.py to version 0.39 or higher.

[,0.39)
  • M
Cross-site Scripting (XSS)

web.py makes web apps .

Affected versions of this package are vulnerable to Cross-site Scripting attacks via the form module.

How to fix Cross-site Scripting (XSS)?

Upgrade web.py to version 0.39 or higher.

[,0.39)
  • M
SQL Injection

web.py makes web apps .

Affected versions of this package are vulnerable to SQL Injection via the db module. The limit and offset vaariables could be provided by an end-user and are potentially unsafe.

How to fix SQL Injection?

Upgrade web.py to version 0.39 or higher.

[,0.39)