VYPR

PyPI package

freetakserver

pkg:pypi/freetakserver

Vulnerabilities (2)

  • CVE-2022-25510Mar 10, 2022
    affected < 1.9.8.5fixed 1.9.8.5

    FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.

  • CVE-2022-25508Mar 10, 2022
    affected < 1.9.8.5fixed 1.9.8.5

    An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.