2 matches found
User Impersonation
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to User Impersonation via the access request system. An attacker can obtain elevated privileges and impersonate trusted devices by submitting misleading descriptions,...
Arbitrary Code Injection
Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Arbitrary Code Injection via the appstore.js REST API endpoint, which allows the installation of npm packages using unsanitized version specifiers. An administrator...