@budibase/backend-core
Budibase backend core libraries used in server and worker
Security Advisories for @budibase/backend-core in npm
Moderate
6 days ago
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
npm
@budibase/backend-core
Moderate
about 1 month ago
Budibase: Missing Cache Invalidation on Public API Role Unassignment Allows Revoked Users to Retain Privileges for Up to 1 Hour
npm
@budibase/backend-core
High
about 2 months ago
Budibase auth session cookies are set with httpOnly:false — any XSS can lead to full account takeover
npm
@budibase/backend-core
Critical
2 months ago
Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints
npm
@budibase/backend-core
Critical
3 months ago
Budibase: Server-Side Request Forgery via REST Connector with Empty Default Blacklist
npm
@budibase/backend-core