Advisories for Npm/Raneto package

2022

Weak Password Requirements

Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability.

Improper Authentication

An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter.