Improper Validation Affecting concrete-datastore package, versions [,1.22.0)
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Integrity
High
Availability
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-CONCRETEDATASTORE-1066247
- published 1 Feb 2021
- disclosed 1 Feb 2021
- credit Unknown
How to fix?
Upgrade concrete-datastore
to version 1.22.0 or higher.
Overview
concrete-datastore is an A highly versatile REST Datastore
Affected versions of this package are vulnerable to Improper Validation. Improper validation of the url_format
can result in template injection.