Information Exposure Affecting nanoc package, versions <3.8.0
Snyk CVSS
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RUBY-NANOC-20365
- published 8 May 2017
- disclosed 15 Apr 2015
- credit Mike Pennisi
How to fix?
Upgrade nanoc
to version 3.8.0 or higher.
Overview
nanoc
is a static-site generator focused on flexibility.
Affected versions of the package are vulnerable to Information Exposure. Resources embedded within HTML documents were not correctly validated, and malicious users could request a protocol that degrades the security of the original connection. Browsers do not enforce consistant protocols, which could lead to the leakage of private information.