stene.xyz security info
stene.xyz 3.0
total known vulnerabilities: 12
fixed: 10 | won't fix: 2
Oct 11, 2024:
Cross-Site Request Forgery - high severity - not exploited - fix
A CSRF vulnerability existed, potentially allowing for account hijacking.
Oct 11, 2024:
DoS due to Missing Rate Limits - medium severity - not exploited - fix
Rate limits were not in place. This allowed a DoS by repeatedly calling endpoints that perform multiple filesystem accesses.
Oct 11, 2024:
7x Unsanitized input into path expression - high severity - not exploited - fix
Unsanitized values were passed to several fields in paths, potentially allowing users to read or write arbitrary files on disk.
Oct 11, 2024:
Clear-Text Transmission of Sensitive Cookie - medium severity - won't fix
Session cookies can be intercepted by an attacker when sent over HTTP.
Won't fix, as it only affects the test environment (prod traffic is routed through HTTPS).
Oct 11, 2024:
Client-Side URL Redirect - low severity - won't fix
The vulnerability exists in the Nic Cage Eats Stuff game. Won't fix, as this doesn't compromise anything important.
Oct 11, 2024:
Vulnerable dependency - low severity - not exploited - fix
The "cookie" package in Node.js had a vulnerability allowing arbitrary data to be set in a cookie.