@saltcorn/server
Server app for Saltcorn, open-source no-code platform

Security Advisories for @saltcorn/server in npm

Moderate
about 2 months ago
Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)
npm
@saltcorn/server

Critical
about 2 months ago
Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
npm
@saltcorn/server

High
about 2 months ago
Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read
npm
@saltcorn/server

Critical
4 months ago
Saltcorn's Reflected XSS and Command Injection vulnerabilities can be chained for 1-click-RCE
npm
@saltcorn/server

Moderate
over 1 year ago
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
npm
@saltcorn/server

High
over 1 year ago
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
npm
@saltcorn/server

Potential
High
over 1 year ago
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
npm
@saltcorn/plugins-loader

High
over 1 year ago
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
npm
@saltcorn/server

Moderate
over 1 year ago
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
npm
@saltcorn/server

Moderate
over 1 year ago
@saltcorn/server arbitrary file zip read and download when downloading auto backups
npm
@saltcorn/server

Potential
High
almost 3 years ago
Unsafe plugins can be installed via pack import by tenant admins
npm
@saltcorn/cli