We’ve disclosed 3389 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the @solana/web3.js package.
redoc is an OpenAPI/Swagger-generated API Reference Documentation.
Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects() method in utils/helpers.ts due to improper user input sanitization.
xml2rfc generates RFCs and IETF drafts from document source in XML according to the IETF xml2rfc v2 and v3 vocabularies.
Affected versions of this package are vulnerable to Directory Traversal through the src attribute in artwork or sourcecode elements due to improper enforcement of the --allow-local-file-access flag. An attacker can view or use contents from local files by specifying a file path that leads to sensitive data. This is only exploitable if the XML input source file is located in the same directory as the target file or a subdirectory thereof.
org.webjars:redoc is an OpenAPI/Swagger-generated API Reference Documentation.
Affected versions of this package are vulnerable to Prototype Pollution via the mergeObjects() method in utils/helpers.ts due to improper user input sanitization.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.