medis@0.2.0 vulnerabilities
GUI for Redis
- latest version: 0.2.0
- first published: 8 years ago
- latest version published: 8 years ago
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the medis package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
medis is a Mac database management application for Redis. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks, which can lead to code execution because node integration is enabled. When a victim synchronizes data from the Redis server, an attack may occur if the server contains a malicious key value. PoC by silvia vali: If an attacker provides the following as a key:
When the user then hovers over the key name, the payload is executed. An alert box will pop up and open the How to fix Cross-site Scripting (XSS)? There is no fix version for |
*
|