We've disclosed 3445 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the ngx-bootstrap package.
playwright-core is a high-level API to automate web browsers.
Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via improper verification of cryptographic signatures during package installation. An attacker can impersonate trusted entities by spoofing expected servers over an adjacent network.
nvidia-pytriton is PyTriton, a Flask/FastAPI-like interface to simplify Triton's deployment in Python environments.
Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the logging extension. An attacker can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
This vulnerability is only exploitable when using the default Triton Server binary bundled in /pytriton/tritonserver/bin/tritonserver.
It is possible to update the Triton Server binary to a patched version independently of PyTriton; see Building binaries from source.
Affected versions of this package are vulnerable to Trusting HTTP Permission Methods on the Server Side via the /management/commands endpoint. An attacker can trick the user into clicking a specially crafted link, potentially leading to code execution on the target page, theft of session information, and account takeover.