VYPR

St2

by Stackstorm

Source repositories

CVEs (2)

  • CVE-2019-9580MedMar 9, 2019
    risk 0.40cvss 6.1epss 0.03

    In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.

  • CVE-2018-20345MedDec 21, 2018
    risk 0.35cvss 5.3epss 0.01

    Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm API) to retrieve datastore items for other users by utilizing the /v1/keys…