Description
Versions prior to version v1.05 are affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version v1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version.
This is patched by implementing Double submit.
Recommendation
Update the save-server package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.0.5
- Patched version(s): 1.0.7
References
Related Issues
- systeminformation command injection vulnerability - CVE-2020-7752
- engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt i - Vulnerability
- Nu Html Checker (vnu) contains a Server-Side Request Forgery (SSRF) vulnerability - CVE-2025-15104
- ua-parser-js Regular Expression Denial of Service vulnerability - CVE-2020-7793
You might also like:
- Tags:
- npm
- save-server
Anything's wrong? Let us know Last updated on January 09, 2023


