We've disclosed 3445 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the ngx-bootstrap package.
testing-react-dom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package's authorship.
pg8000 is a PostgreSQL interface library.
Affected versions of this package are vulnerable to SQL Injection via the literal function. An attacker can execute arbitrary SQL commands by supplying a specially crafted Python list as input.
org.apache.tomcat.embed:tomcat-embed-core [,9.0.110), [10.0.0-M1,10.1.47), [11.0.0-M1,11.0.12)
org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.
Affected versions of this package are vulnerable to Improper Resource Shutdown or Release because temporary files created for multipart uploads are cleaned up too late. An attacker can cause a denial of service by sending crafted requests that create temporary copies of uploaded parts faster than the garbage collector clears them, leading to resource exhaustion.
Note: Successful exploitation depends on the JVM settings, the application memory usage, and application load.