Homepage
About Snyk

polaris-website@1.0.3 vulnerabilities

The Polaris website and panel designed to work with the Polaris bot (polaris-bot package)

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the polaris-website package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-Site Request Forgery (CSRF)

polaris-website is a The Polaris website and panel designed to work with the Polaris bot (polaris-bot package)

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF). In some very specific circumstances, an attacker would be able to update your settings. Basically you would need to navigate to hackersite.com while logged into our panel. Then they could modify your settings. They couldn't check if it worked, nor could they read your settings.

How to fix Cross-Site Request Forgery (CSRF)?

Upgrade polaris-website to version 1.1.1 or higher.

<1.1.1
Go back to all versions of this package