We’ve disclosed 3377 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the @solana/web3.js package.
Affected versions of this package are vulnerable to Improper Input Validation due to the mishandling of fractional values in the nanoid function. By exploiting this vulnerability, an attacker can achieve an infinite loop.
luigi is a package that helps you build complex pipelines of batch jobs. It handles dependency resolution, workflow management, visualization, handling failures, command line integration, and much more.
Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to improper caching in the HttpCache plugin. An attacker can disclose sensitive response information by exploiting the misconfigured cache settings.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.