Nocturnal Programmer's Machine
console-io

Authentication Bypass

Severity: critical

Overview

Affected versions of the console-io package do not configure the underlying websocket library to require authentication, resulting in an authentication bypass vulnerability. As console-io allows terminal access on the server via a web page, an authentication bypass is essentially remote code execution.
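The missing control described above is a check that runs during the websocket handshake and refuses the connection unless the caller is authenticated. The following is an added example, not console-io's code: `authorizeHandshake`, the `sid` cookie name, the session-store shape and the sample values are all assumptions for illustration.

```javascript
// Added example: deny-by-default authorization of a websocket handshake.
// Names and data shapes are hypothetical, not console-io's API.
const SESSION_COOKIE = 'sid';

// Parse a Cookie header into a prototype-free map; malformed pairs are skipped.
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of String(header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 1) continue;
    out[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return out;
}

// Decide whether an upgrade request may open a terminal socket.
// sessions: Map of session id -> { user, expires (ms epoch), canUseTerminal }
function authorizeHandshake(headers, sessions, allowedOrigins, now = Date.now()) {
  // Browsers attach cookies to cross-site websocket handshakes, so the
  // Origin header is checked in addition to the session.
  if (!allowedOrigins.includes(headers.origin)) {
    return { ok: false, reason: 'origin' };
  }
  const sid = parseCookies(headers.cookie)[SESSION_COOKIE];
  if (!sid) return { ok: false, reason: 'no-session' };
  const session = sessions.get(sid);
  if (!session) return { ok: false, reason: 'unknown-session' };
  if (session.expires <= now) return { ok: false, reason: 'expired' };
  // Terminal access is a separate privilege, not implied by being logged in.
  if (session.canUseTerminal !== true) return { ok: false, reason: 'forbidden' };
  return { ok: true, user: session.user };
}

// Constructed sample data.
const sessions = new Map([
  ['a1b2c3', { user: 'admin', expires: 2000, canUseTerminal: true }],
  ['d4e5f6', { user: 'guest', expires: 2000, canUseTerminal: false }],
]);
const origins = ['https://console.example.test'];
const good = { origin: origins[0], cookie: 'theme=dark; sid=a1b2c3' };

console.log(authorizeHandshake(good, sessions, origins, 1000));
console.log(authorizeHandshake({ origin: origins[0] }, sessions, origins, 1000));
```

The function would be called from whatever handshake hook the websocket library provides, and the socket closed whenever `ok` is false.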

Remediation

Update to version 2.3.0 or later.

Vulnerable versions

1.0.0
4 years ago
1.0.1
4 years ago
1.0.2
4 years ago
1.0.3
4 years ago
1.0.4
4 years ago
1.0.5
4 years ago
1.0.6
4 years ago
1.0.7
4 years ago
1.1.0
4 years ago
1.2.0
4 years ago
1.2.1
4 years ago
1.3.0
4 years ago
1.3.1
4 years ago
1.3.2
4 years ago
1.3.3
4 years ago
1.3.4
4 years ago
1.3.6
4 years ago
1.3.7
4 years ago
1.3.8
4 years ago
1.3.9
4 years ago
1.4.0
4 years ago
1.4.1
4 years ago
1.4.2
4 years ago
1.4.3
4 years ago
1.5.0
4 years ago
1.5.1
4 years ago
1.5.2
4 years ago
1.6.0
4 years ago
1.6.1
4 years ago
1.6.2
4 years ago
1.6.3
4 years ago
1.6.4
4 years ago
1.6.5
4 years ago
1.6.6
4 years ago
1.6.7
4 years ago
1.6.8
4 years ago
1.7.0
4 years ago
1.7.1
4 years ago
1.7.2
4 years ago
1.7.3
4 years ago
1.7.4
4 years ago
1.7.5
4 years ago
1.7.6
4 years ago
1.7.7
4 years ago
1.7.8
4 years ago
1.7.9
4 years ago
1.7.10
4 years ago
1.8.0
4 years ago
1.8.1
4 years ago
1.8.2
4 years ago
1.8.3
4 years ago
1.8.4
4 years ago
1.8.5
4 years ago
1.9.0
4 years ago
1.9.1
4 years ago
1.9.2
4 years ago
1.9.3
4 years ago
1.9.4
4 years ago
1.9.5
4 years ago
1.9.6
4 years ago
1.9.7
4 years ago
1.9.8
4 years ago
1.9.9
4 years ago
1.10.0
4 years ago
1.10.1
4 years ago
1.10.2
4 years ago
1.10.3
4 years ago
1.10.4
4 years ago
1.10.5
4 years ago
1.10.6
4 years ago
1.10.7
4 years ago
1.10.8
4 years ago
1.10.9
4 years ago
1.11.1
4 years ago
1.11.2
4 years ago
1.11.3
4 years ago
1.11.4
4 years ago
1.11.5
4 years ago
1.11.6
4 years ago
1.11.7
4 years ago
1.11.8
4 years ago
1.11.9
4 years ago
1.11.10
4 years ago
1.11.11
4 years ago
1.11.12
4 years ago
1.11.13
4 years ago
2.0.0
4 years ago
2.0.1
4 years ago
2.0.2
4 years ago
2.1.0
4 years ago
2.1.1
4 years ago
2.1.2
4 years ago
2.1.3
4 years ago
2.1.4
4 years ago
2.1.5
4 years ago
2.1.6
4 years ago
2.1.7
4 years ago
2.1.8
4 years ago
2.1.9
4 years ago
2.1.10
4 years ago
2.1.11
4 years ago
2.1.12
4 years ago
2.1.13
4 years ago
2.1.14
4 years ago
2.1.15
4 years ago
2.2.0
3 years ago
2.2.1
3 years ago
2.2.2
3 years ago
2.2.3
3 years ago
2.2.4
3 years ago
2.2.5
3 years ago
2.2.6
3 years ago
2.2.7
3 years ago
2.2.8
3 years ago
2.2.9
3 years ago
2.2.10
3 years ago
2.2.11
3 years ago
2.2.12
3 years ago
2.2.13
3 years ago

Unaffected versions

2.3.0
3 years ago
2.3.1
3 years ago
2.3.2
3 years ago
2.3.3
3 years ago
2.4.0
3 years ago
2.4.1
3 years ago
2.5.0
3 years ago
2.5.1
3 years ago
2.5.2
3 years ago
2.5.3
3 years ago
2.6.0
3 years ago
2.6.1
3 years ago
2.6.2
3 years ago
2.6.3
2 years ago
2.7.0
2 years ago
2.7.1
2 years ago
2.7.2
2 years ago
2.7.3
2 years ago
2.7.4
2 years ago
2.7.5
2 years ago
2.7.6
2 years ago
2.7.7
2 years ago
2.7.8
2 years ago
2.7.9
2 years ago
2.7.10
2 years ago
2.7.11
2 years ago
2.7.12
2 years ago
2.7.13
2 years ago
2.7.14
2 years ago
3.0.0
2 years ago
3.0.1
2 years ago
3.0.2
2 years ago
3.0.3
2 years ago
3.0.4
2 years ago
3.0.5
2 years ago
3.0.6
2 years ago
3.0.7
2 years ago
3.0.8
2 years ago
3.0.9
2 years ago
3.0.10
a year ago
3.0.11
a year ago
3.0.12
a year ago
3.0.13
a year ago
3.1.0
a year ago
3.1.1
a year ago
3.1.2
a year ago
3.1.3
a year ago
4.0.0
a year ago
5.0.0
a year ago
5.0.1
a year ago
5.0.2
a year ago
5.0.3
a year ago
5.0.4
8 months ago
5.0.5
6 months ago
5.0.6
5 months ago
5.1.0
5 months ago
6.0.0
5 months ago
6.0.1
5 months ago
7.0.0
5 months ago
7.0.1
5 months ago
7.0.2
5 months ago
7.0.3
5 months ago
7.0.4
4 months ago
7.0.5
4 months ago
7.0.6
3 months ago

Advisory timeline

  1. Published: advisory published Apr 18th, 2016
  2. Reported: Mar 28th, 2016