Description
Versions prior to v1.0.5 are affected by a CSRF vulnerability because there is no CSRF mitigation (tokens etc.). The fix introduced in v1.0.5 unintentionally breaks uploading, so v1.0.7 is the fixed version.
The patch implements double-submit CSRF protection.
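The double-submit check named above, sketched as an added example (not save-server's actual patch; the cookie name, header name and function names are assumptions): the server issues a random token as a cookie and accepts a state-changing request only when the same value comes back in a request header.

```javascript
// Added example: double-submit cookie check. All names here are hypothetical.
const crypto = require("node:crypto");

const CSRF_COOKIE = "csrf_token";   // assumed cookie name
const CSRF_HEADER = "x-csrf-token"; // assumed request header name

// Issue a fresh random token. The cookie must stay readable by page script
// (no HttpOnly) so the page can echo it back on state-changing requests.
function issueCsrfCookie() {
  const token = crypto.randomBytes(32).toString("hex");
  return { token, setCookie: `${CSRF_COOKIE}=${token}; Path=/; SameSite=Strict; Secure` };
}

// Minimal Cookie header parser: "a=1; b=2" -> { a: "1", b: "2" }.
function parseCookies(header) {
  const out = {};
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0) out[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return out;
}

// Return true only if the request may proceed.
function csrfCheck(req) {
  if (["GET", "HEAD", "OPTIONS"].includes(req.method)) return true; // safe methods
  const cookieToken = parseCookies(req.headers.cookie)[CSRF_COOKIE];
  const headerToken = req.headers[CSRF_HEADER];
  if (typeof cookieToken !== "string" || typeof headerToken !== "string") return false;
  const a = Buffer.from(cookieToken);
  const b = Buffer.from(headerToken);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return a.length > 0 && a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample requests (not captured traffic).
const { token } = issueCsrfCookie();
const withHeader = { method: "POST", headers: { cookie: `${CSRF_COOKIE}=${token}`, [CSRF_HEADER]: token } };
const cookieOnly = { method: "POST", headers: { cookie: `${CSRF_COOKIE}=${token}` } }; // browser-attached cookie, no echoed token
console.log(csrfCheck(withHeader), csrfCheck(cookieOnly)); // true false
```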
Recommendation
Update the save-server package to the latest compatible version. Version details:
- Affected version(s): < 1.0.5
- Patched version(s): 1.0.7
Tags: npm, save-server
Last updated on January 09, 2023