Authentication Bypass Affecting console-io package, versions <2.3.0


Severity

high

CVSS assessment made by Snyk's Security Team.

Threat Intelligence

EPSS
0.3% (71st percentile)

  • Snyk ID: npm:console-io:20160418
  • published: 17 May 2016
  • disclosed: 18 Apr 2016
  • credit: Craig Arendt

Introduced: 18 Apr 2016

CVE-2016-10532
CWE-592

How to fix?

Upgrade console-io to version 2.3.0 or higher.

Overview

console-io is a web console used in Cloud Commander.

Affected versions of this package are vulnerable to Authentication Bypass. The package does not require authentication for its socket.io connection, which allows attackers to send and execute shell commands over a websocket.
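The control that is missing in the affected versions, sketched as an added example (not console-io's own code and not its 2.3.0 fix): a socket.io middleware that rejects the handshake unless a token matches, so that no command handler is ever attached to an unauthenticated socket. The names `safeEqual`, `requireAuth` and `FakeServer` and the sample token are hypothetical, and the example assumes socket.io 3 or later, where client credentials arrive in `socket.handshake.auth`.

```javascript
// Added example, not console-io's code. Hypothetical names: safeEqual,
// requireAuth, FakeServer. Assumes socket.io >= 3 (socket.handshake.auth).

// Constant-time comparison so response timing does not leak a token prefix.
function safeEqual(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Middleware for io.use(): runs during the handshake, before 'connection'.
function requireAuth(expectedToken) {
  if (!expectedToken) throw new Error('no token configured');
  return (socket, next) => {
    const token = socket.handshake?.auth?.token;
    if (typeof token !== 'string' || !safeEqual(token, expectedToken)) {
      return next(new Error('unauthorized'));
    }
    next();
  };
}

// Minimal stand-in for a socket.io server so the example runs offline.
class FakeServer {
  constructor() { this.middleware = []; this.handlers = []; }
  use(fn) { this.middleware.push(fn); }
  on(event, fn) { if (event === 'connection') this.handlers.push(fn); }
  connect(handshake) {
    const socket = { handshake };
    for (const fn of this.middleware) {
      let error;
      fn(socket, (err) => { error = err; });
      if (error) return { accepted: false, reason: error.message };
    }
    this.handlers.forEach((fn) => fn(socket));
    return { accepted: true };
  }
}

// Constructed demo: the command handler is reached only after the check.
function demo() {
  const io = new FakeServer();
  let reached = 0;
  io.use(requireAuth('constructed-sample-token'));
  io.on('connection', () => { reached += 1; }); // command handlers go here
  const auths = [{}, { token: 'wrong' }, { token: 'constructed-sample-token' }];
  return { results: auths.map((auth) => io.connect({ auth })), reached };
}
```

With a real socket.io server the same `requireAuth(...)` function is passed to `io.use()` before any `connection` handler is registered.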

CVSS Scores

version 3.1