spotipy@2.22.1 vulnerabilities

A light weight Python library for the Spotify Web API

latest version

2.25.1

latest non vulnerable version

2.25.1

first published

14 years ago

latest version published

1 months ago

licenses detected

MIT
[2.0.1,)

View spotipy package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the spotipy package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Incorrect Default Permissions spotipy is an A light weight Python library for the Spotify Web API Affected versions of this package are vulnerable to Incorrect Default Permissions via the `CacheHandler` class. An attacker can gain unauthorized access to administrative actions on the Spotify account by reading the spotify auth token exposed in the file created by the `CacheHandler` class with the `rw-r--r--` (644) default permissions. How to fix Incorrect Default Permissions? Upgrade `spotipy` to version 2.25.1 or higher.	[,2.25.1)

Incorrect Default Permissions

spotipy is an A light weight Python library for the Spotify Web API

Affected versions of this package are vulnerable to Incorrect Default Permissions via the CacheHandler class. An attacker can gain unauthorized access to administrative actions on the Spotify account by reading the spotify auth token exposed in the file created by the CacheHandler class with the rw-r--r-- (644) default permissions.

How to fix Incorrect Default Permissions?

Upgrade spotipy to version 2.25.1 or higher.

[,2.25.1)

Go back to all versions of this package