VYPR

Maven package

com.orientechnologies/orientdb-studio

pkg:maven/com.orientechnologies/orientdb-studio

Vulnerabilities (2)

  • CVE-2015-2918MedDec 31, 2015
    affected < 2.0.15fixed 2.0.15

    The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

  • CVE-2015-2912HigDec 31, 2015
    affected < 2.0.15fixed 2.0.15

    The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, v