3 matches found
Server-side Request Forgery (SSRF)
Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the urlUpload function. An attacker can access internal network resources and sensitive metadata by submitting a crafted URL containing .tar.gz that bypasses...
Sensitive Cookie Without "HttpOnly" Flag
Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via the set function in the cookie handling process. An attacker can gain unauthorized access to user account...
Missing Authentication for Critical Function
Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the authenticated middleware, which uses unanchored regular expressions to match public endpoint...