archivy@1.2.0 vulnerabilities

Minimalist knowledge base focused on digital preservation and building your second brain.

Known vulnerabilities in the archivy package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Directory Traversal archivy is a Minimalist knowledge base focused on digital preservation and building your second brain. Affected versions of this package are vulnerable to Directory Traversal via the `create` function in `data.py`. How to fix Directory Traversal? Upgrade `archivy` to version 1.7.2 or higher.	[,1.7.2)
L Open Redirect archivy is a Minimalist knowledge base focused on digital preservation and building your second brain. Affected versions of this package are vulnerable to Open Redirect via the `/login` endpoint, using the `next` parameter. How to fix Open Redirect? Upgrade `archivy` to version 1.7.0 or higher.	[,1.7.0)
M Cross-site Request Forgery (CSRF) archivy is a Minimalist knowledge base focused on digital preservation and building your second brain. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF token validation in `/dataobj/delete/<int:dataobj_id>`, which makes it possible to accept "GET" and "DELETE" methods instead of "POST" method. POC: Create any note, get it's ID. Run page from `PoC.html` with concrete ID in your browser, click the button. Observe that the note with specified ID was deleted. `// PoC.html <form action="http://127.0.0.1:5000/dataobj/delete/{yourNoteID}" method="GET"> <input type="submit" value="Click me"/> </form>` How to fix Cross-site Request Forgery (CSRF)? Upgrade `archivy` to version 1.6.2 or higher.	[,1.6.2)