We've disclosed 3390 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the @solana/web3.js package.
@tanstack/form-core is a powerful, type-safe, framework-agnostic forms library.
Affected versions of this package are vulnerable to Prototype Pollution through the mutateMergeDeep function. An attacker can disrupt service by supplying a crafted payload with an Object.prototype setter to introduce or modify properties within the global prototype chain.
xml2rfc generates RFCs and IETF drafts from document source in XML according to the IETF xml2rfc v2 and v3 vocabularies.
Affected versions of this package are vulnerable to Directory Traversal through the src attribute in artwork or sourcecode elements due to improper enforcement of the --allow-local-file-access flag. An attacker can view or use contents from local files by specifying a file path that leads to sensitive data. This is only exploitable if the XML input source file is located in the same directory as the target file or a subdirectory thereof.
Affected versions of this package are vulnerable to Prototype Pollution through the createPath function. An attacker can disrupt service by supplying a crafted payload with an Object.prototype setter to introduce or modify properties within the global prototype chain.
by Snyk Security Researchers