tomato@0.0.3 vulnerabilities

tomato

Known vulnerabilities in the tomato package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
C Arbitrary Code Injection tomato is a Web framework based on Node.js. Affected versions of this package are vulnerable to Arbitrary Code Injection via the `/api/exec` endpoint. It does not validate user input allowing attackers to run arbitrary commands in the system. How to fix Arbitrary Code Injection? There is no fixed version for `tomato`.	*
M API Admin Auth Weakness Tomato is a Node.js web framework. The tomato API has an admin service that is enabled by setting up an access_key in the config options. This access_key is intended to protect the API admin from unauthorized access. The key is checked by checking to see if the access_key provided in the request is within the configured access_key string, not equal to. So a single character that's within the access key is sufficient to bypass this control. Source: Node Security Project	<0.0.6
M API Admin Auth Weakness Tomato is a Node.js web framework. The tomato API has an admin service that is enabled by setting up an access_key in the config options. This access_key is intended to protect the API admin from unauthorized access. The key is checked by checking to see if the access_key provided in the request is within the configured access_key string, not equal to. So a single character that's within the access key is sufficient to bypass this control. Source: Node Security Project	<0.0.6