derby@0.5.0-alpha3 vulnerabilities

MVC framework making it easy to write realtime, collaborative applications that run in both Node.js and browsers.

latest version

4.0.0-beta.12
latest non vulnerable version

4.0.0-beta.13
first published

13 years ago
latest version published

3 hours ago
licenses detected
- (Apache-2.0 OR MIT)
  >=0.0.1 <0.5.10
View derby package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the derby package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation due to the `this.lastSegment` variable in the `emit` function not being sanitized. An attacker can manipulate the `this.lastSegment` variable to set it to `__proto__`, leading to prototype pollution. Notes: 1)If the application author has atypical HTML templates that feed user input into an object key. Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most applications. How to fix Improper Input Validation? Upgrade `derby` to version 2.3.2, 3.0.2, 4.0.0-beta.11 or higher.	<2.3.2 >=3.0.0 <3.0.2 >=4.0.0-beta.2 <4.0.0-beta.11

Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation due to the this.lastSegment variable in the emit function not being sanitized. An attacker can manipulate the this.lastSegment variable to set it to __proto__, leading to prototype pollution.

Notes:

1)If the application author has atypical HTML templates that feed user input into an object key.

Attribute keys are almost always developer-controlled, not end-user-controlled, so this shouldn't be an issue in practice for most applications.

How to fix Improper Input Validation?

Upgrade derby to version 2.3.2, 3.0.2, 4.0.0-beta.11 or higher.

<2.3.2 >=3.0.0 <3.0.2 >=4.0.0-beta.2 <4.0.0-beta.11

Go back to all versions of this package

derby@0.5.0-alpha3 vulnerabilities

MVC framework making it easy to write realtime, collaborative applications that run in both Node.js and browsers.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities