Improper Authorization Affecting pyninja package, versions [,1.1.0)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PYTHON-PYNINJA-8600637
published1 Jan 2025
disclosed1 Jan 2025
creditUnknown

Report a new vulnerability Found a mistake?

Introduced: 1 Jan 2025

NewCWE-285 (opens in a new tab)

How to fix?

Upgrade PyNinja to version 1.1.0 or higher.

Overview

PyNinja is a Lightweight OS-agnostic service monitoring API

Affected versions of this package are vulnerable to Improper Authorization due to the ability to access the '/monitor' page, which exposes sensitive information.

References

GitHub Commit

CVSS Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
Low
User Interaction (UI)
None

Confidentiality (VC)
Low
Integrity (VI)
Low
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None