Version Details and Security Vulnerabilities

📦

restify

9.1.0

Comparision Betweeen 9.1.0 and 9.0.0

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

341.69 KB

341.31 KB

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

restify

9.1.0

Comparision Betweeen 9.1.0 and 9.0.0

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

Unpacked Size

341.69 KB

341.31 KB

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 9.1.0 of the package restify.

All Security Vulnerabilities

All the vulnerabilities related to the version 9.1.0 of the package

Summary:

fast-redact vulnerable to prototype pollution

Details:

fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

Details about fast-redact@3.5.0

Summary:

send vulnerable to template injection that can lead to XSS

Details:

Impact

passing untrusted user input - even after sanitizing it - to SendStream.redirect() may execute untrusted code

Patches

this issue is patched in send 0.19.0

Workarounds

users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any untrusted inputs are safe, ideally by validating them against an explicit allowlist

Details

successful exploitation of this vector requires the following:

The attacker MUST control the input to response.redirect()
express MUST NOT redirect before the template appears
the browser MUST NOT complete redirection before:
the user MUST click on the link in the template

Details about send@0.17.2

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 9.1.0 of the package restify.

All Security Vulnerabilities

All the vulnerabilities related to the version 9.1.0 of the package

Summary:

fast-redact vulnerable to prototype pollution

Details:

Details about fast-redact@3.5.0

Summary:

send vulnerable to template injection that can lead to XSS

Details:

Impact

passing untrusted user input - even after sanitizing it - to SendStream.redirect() may execute untrusted code

Patches

this issue is patched in send 0.19.0

Workarounds

Details

successful exploitation of this vector requires the following:

The attacker MUST control the input to response.redirect()
express MUST NOT redirect before the template appears
the browser MUST NOT complete redirection before:
the user MUST click on the link in the template

Details about send@0.17.2

Version Details and Security Vulnerabilities

restify

Comparision Betweeen 9.1.0 and 9.0.0

Security Vulnerabilities

Version Details and Security Vulnerabilities

restify

Comparision Betweeen 9.1.0 and 9.0.0

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Workarounds

Details

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Impact

Patches

Workarounds

Details

Version Details and Security Vulnerabilities

restify

Comparision Betweeen 9.1.0 and 9.0.0

Security Vulnerabilities

Version Details and Security Vulnerabilities

restify

Comparision Betweeen 9.1.0 and 9.0.0

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

fast-redact@3.5.0 GHSA-ffrw-9mx8-89p8 2.9

send@0.17.2 GHSA-m6fv-jmcg-4jfg 2.3

Impact

Patches

Workarounds

Details

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

fast-redact@3.5.0 GHSA-ffrw-9mx8-89p8 2.9

send@0.17.2 GHSA-m6fv-jmcg-4jfg 2.3

Impact

Patches

Workarounds

Details