VYPR

npm package

@valtimo/components

pkg:npm/%40valtimo/components

Vulnerabilities (1)

  • CVE-2024-34706CriMay 14, 2024
    affected < 10.8.4fixed 10.8.4

    Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is exposed to `api.form.io` via the the `x-jwt-token` header. An attacker can retrieve personal information from this token, or use it to ex