Homepage About Snyk

Open Source Vulnerability Database

The most comprehensive, accurate, and timely database for open source vulnerabilities.

cargo logo

Remote Code Execution

Affecting org.springframework:spring-beans package, versions [ ,5.2.20) , [5.3.0, 5.3.18)

How to fix?

Upgrade org.springframework:spring-beans to version 5.2.20, 5.3.18 or higher.

0.0
critical
0.0

Vulnerabilities from the last week

Arbitrary File Upload

0.0
Affects

formidable <3.2.4 Open this link in a new tab

Affected versions of this package are vulnerable to Arbitrary File Upload which allows attackers to execute arbitrary code via a crafted filename.

Note:

The conditions to be vulnerable are as follows:

  1. eval (user input) file name as code

  2. use the keepextension option

  3. use Linux or =iOS (where <>` are valid file chars)

  4. not using the filename option, or using it without validating user input

Heap-based Buffer Overflow

0.0
Affects

pillow [9.1.0,9.1.1) Open this link in a new tab

Pillow is a PIL (Python Imaging Library) fork.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow. When reading a TGA file with RLE packets that cross scan lines. Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data.

Arbitrary File Upload

0.0
Affects

org.webjars.npm:formidable [0,] Open this link in a new tab

Affected versions of this package are vulnerable to Arbitrary File Upload which allows attackers to execute arbitrary code via a crafted filename.

Note:

The conditions to be vulnerable are as follows:

  1. eval (user input) file name as code

  2. use the keepextension option

  3. use Linux or =iOS (where <>` are valid file chars)

  4. not using the filename option, or using it without validating user input

Recent vulnerabilities disclosed by Snyk

We’ve disclosed
1155
vulnerabilities

by Snyk Security
Researchers

See all Snyk disclosed vulnerabilities
Report a new vulnerability

About Snyk

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

A shield with a tick icon inside, symbolising security