cryptpad@0.1.0 vulnerabilities
realtime collaborative visual editor with zero knowlege server
-
latest version
0.1.0
-
first published
9 years ago
-
latest version published
9 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the cryptpad package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
cryptpad is a Zero Knowledge realtime collaborative editor. Affected versions of this package are vulnerable to Improper Access Control. Users with edit access rights for rich text pads could change the URL of a document to load the same document in a code pad. As such, it is possible to invalidate the existing stored content, making it impossible to load the same document in the rich text editor. This vulnerability could lead to data loss via a trivial URL modification. How to fix Improper Access Control? Upgrade |
<3.0.0
|