We've disclosed 3392 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the @solana/web3.js package.
@octokit/endpoint turns REST API endpoints into generic request options.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the parse function due to improper input validation. An attacker can cause the application to become unresponsive and consume excessive CPU resources by crafting malicious input that triggers catastrophic backtracking in the regular expression processing.
keylime is a TPM-based key bootstrapping and system integrity measurement system for cloud.
Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the registrar process. An attacker can cause the application to fail by populating the database with multiple valid agent registrations with different UUIDs while the version is still below 7.12.0. Then, upon updating to version 7.12.0, any query to the database matching any of the entries populated by the attacker will result in failure.
org.webjars.npm:koa is a Koa web app framework.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the parsing of X-Forwarded-Proto and X-Forwarded-Host HTTP headers.