gun@0.8.9 vulnerabilities

A realtime, decentralized, offline-first, graph data synchronization engine.

Direct Vulnerabilities

Known vulnerabilities in the gun package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Directory Traversal

gun is an ecosystem of tools that let you build community-run, encrypted applications.

Affected versions of this package are vulnerable to Directory Traversal. A request sent with curl --path-as-is, which stops curl from collapsing the ../ segments before sending the URL, could read files in any parent directory.

PoC

curl -v --path-as-is 'http://localhost:8080/gun/../../.env'

How to fix Directory Traversal?

Upgrade gun to version 0.2019.416 or higher.

Vulnerable versions: <0.2019.416
  • M
Information Exposure

gun is an ecosystem of tools that let you build community-run, encrypted applications.

Affected versions of this package are vulnerable to Information Exposure. A request sent with curl --path-as-is, which stops curl from collapsing the ../ segments before sending the URL, could read files in any parent directory.

How to fix Information Exposure?

Upgrade gun to version 0.2019.416 or higher.

Vulnerable versions: <0.2019.416
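
Added example, not code from gun or from this advisory: a server-side check for the request shape both entries describe, where the path arrives with its ../ segments intact. The function name safeRelativePath, the '/gun/' mount prefix argument and the sample request paths are assumptions constructed for illustration.

```javascript
// Decode one path segment exactly once; malformed percent-encoding yields null.
function decodeSegment(segment) {
  try {
    return decodeURIComponent(segment);
  } catch {
    return null;
  }
}

// Map a raw request target onto a path relative to the served directory.
// Returns null when the request must be refused. Hypothetical helper.
function safeRelativePath(rawTarget, mountPrefix) {
  // Work on the path as received; do not rely on the client normalizing it.
  const pathOnly = rawTarget.split('?')[0].split('#')[0];
  if (!pathOnly.startsWith(mountPrefix)) return null;

  const kept = [];
  for (const rawSegment of pathOnly.slice(mountPrefix.length).split('/')) {
    const segment = decodeSegment(rawSegment);
    if (segment === null) return null;
    // An encoded separator or NUL byte hidden inside a segment is refused.
    if (/[\0\/\\]/.test(segment)) return null;
    if (segment === '' || segment === '.') continue;
    // Refuse parent references outright instead of resolving them.
    if (segment === '..') return null;
    kept.push(segment);
  }
  // The caller joins this onto its web root; it can never climb above it.
  return kept.join('/');
}

// Constructed sample requests, including the shape shown in the PoC above.
const samples = [
  '/gun/examples/index.html',
  '/gun/./gun.js?v=1',
  '/gun/../../.env',
  '/gun/%2e%2e/%2e%2e/.env',
  '/gun/a/%2e%2e%2f.env',
  '/gun/%E0%A4%A',
];
for (const target of samples) {
  const result = safeRelativePath(target, '/gun/');
  console.log(target, '->', result === null ? 'REFUSED' : result);
}
```

The check decodes each segment once only, so the file layer that consumes the result must not percent-decode it again.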