addax@1.0.1 vulnerabilities

Proxy to serve presigned s3 downloads to authenticated users

latest version

1.3.0
latest non vulnerable version

1.3.0
first published

6 years ago
latest version published

4 years ago
licenses detected
- ISC
  >=0
View addax package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the addax package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Arbitrary Code Injection addax is a HTTP proxy to serve private S3 files to authenticated clients. Affected versions of this package are vulnerable to Arbitrary Code Injection. User input on the `presignPath` function, which receives input directly from the API endpoint, is not validated, which allows code injection. Note: Exploitation of this vulnerability requires authentication. How to fix Arbitrary Code Injection? Upgrade `addax` to version 1.1.0 or higher.	<1.1.0

Arbitrary Code Injection

addax is a HTTP proxy to serve private S3 files to authenticated clients.

Affected versions of this package are vulnerable to Arbitrary Code Injection. User input on the presignPath function, which receives input directly from the API endpoint, is not validated, which allows code injection. Note: Exploitation of this vulnerability requires authentication.

How to fix Arbitrary Code Injection?

Upgrade addax to version 1.1.0 or higher.

<1.1.0

Go back to all versions of this package

addax@1.0.1 vulnerabilities

Proxy to serve presigned s3 downloads to authenticated users

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities