terriajs-server@2.2.0 vulnerabilities
NodeJS server for TerriaJS, consisting of a CORS proxy, proj4 CRS lookup service, and express static server.
- latest version: 4.0.0
- latest non vulnerable version
- first published: 8 years ago
- latest version published: a year ago
- licenses detected
  - >=0
Direct Vulnerabilities
Known vulnerabilities in the terriajs-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
terriajs-server is a basic NodeJS Express server that serves up a (not included) static TerriaJS-based site (such as National Map) with a few additional useful services. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). If an attacker has access to a server whitelisted by the terriajs-server proxy or if the attacker is able to modify the DNS records of a domain whitelisted by the terriajs-server proxy, the attacker can use the terriajs-server proxy to access any HTTP-accessible resources that are accessible to the server, including private resources in the hosting environment. How to fix Server-Side Request Forgery (SSRF)? Upgrade | <2.7.4 |
terriajs-server is a basic NodeJS Express server that serves up a (not included) static TerriaJS-based site (such as National Map) with a few additional useful services. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF). Once an attacker has access to a server whitelisted by the terriajs-server proxy, or the attacker is able to modify the DNS records of a domain whitelisted by the terriajs-server proxy, the terriajs-server proxy can be used to access any HTTP resources accessible to the server, including private data in the hosting environment. How to fix Server-Side Request Forgery (SSRF)? Upgrade | <2.7.4 |