We’ve disclosed 3384 vulnerabilities by Snyk Security Researchers
Avoid using all malicious instances of the @solana/web3.js package.
solana-stable-web-huks is a malicious package. It contains malicious code that exfiltrates Solana private keys.
strawberry-graphql is a library for creating GraphQL APIs.
Affected versions of this package are vulnerable to Insufficient Type Distinction in the relay integration, which affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). An attacker can access unauthorized data by querying for a specific type through the global node field, which may incorrectly return an instance of a different type mapped to the same model.
Note: This is only exploitable if multiple GraphQL types inherit from relay.Node, those types are mapped to the same database model, and the global node field is used for type resolution.
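The failure mode above, as an added illustration that is not strawberry-graphql's code: a minimal relay-style global `node` resolver in which two hypothetical types, `PublicUser` and `PrivateUser`, are mapped to the same (constructed, in-memory) model. The vulnerable resolver chooses the type by model identity, so a client asking for the public type gets the private one and its sensitive fields; the fixed resolver honours the type name encoded in the global ID and rejects unknown names. All names and data here are assumptions made for the example.

```python
import base64
from dataclasses import dataclass, asdict

# Constructed sample data standing in for one ORM model. Both GraphQL types
# below are mapped to this same "model".
USER_MODEL = {
    "1": {"id": "1", "name": "alice", "email": "alice@example.com", "is_admin": True},
}


@dataclass
class PublicUser:
    """Hypothetical public-facing type: only non-sensitive fields."""
    id: str
    name: str


@dataclass
class PrivateUser:
    """Hypothetical internal type: exposes sensitive columns of the same model."""
    id: str
    name: str
    email: str
    is_admin: bool


# Type name -> model: what "mapped to the same database model" means here.
TYPE_TO_MODEL = {"PublicUser": USER_MODEL, "PrivateUser": USER_MODEL}
TYPE_BUILDERS = {
    "PublicUser": lambda row: PublicUser(row["id"], row["name"]),
    "PrivateUser": lambda row: PrivateUser(row["id"], row["name"], row["email"], row["is_admin"]),
}

# Reverse index keyed by model identity. Because two types share one model,
# the second registration silently overwrites the first: the resolver can no
# longer tell the types apart (the "insufficient type distinction").
MODEL_TO_TYPE = {}
for _name, _model in TYPE_TO_MODEL.items():
    MODEL_TO_TYPE[id(_model)] = _name


def to_global_id(type_name, row_id):
    """Relay-style global ID: base64 of 'TypeName:id'."""
    return base64.b64encode(f"{type_name}:{row_id}".encode()).decode()


def from_global_id(global_id):
    type_name, _, row_id = base64.b64decode(global_id).decode().partition(":")
    return type_name, row_id


def resolve_node_vulnerable(global_id):
    """Looks the row up via the model, then picks the type by *model* identity,
    discarding the type name the caller encoded in the ID."""
    type_name, row_id = from_global_id(global_id)
    model = TYPE_TO_MODEL[type_name]
    row = model[row_id]
    return TYPE_BUILDERS[MODEL_TO_TYPE[id(model)]](row)


def resolve_node_fixed(global_id):
    """Resolves with the type named in the ID and refuses unknown type names,
    so two types sharing a model can never be confused."""
    type_name, row_id = from_global_id(global_id)
    if type_name not in TYPE_TO_MODEL:
        raise ValueError(f"unknown node type {type_name!r}")
    row = TYPE_TO_MODEL[type_name][row_id]
    return TYPE_BUILDERS[type_name](row)


def fields_exposed(node):
    """Field names a client would see on the returned object."""
    return sorted(asdict(node))


if __name__ == "__main__":
    gid = to_global_id("PublicUser", "1")
    print("vulnerable:", resolve_node_vulnerable(gid))
    print("fixed:     ", resolve_node_fixed(gid))
```

When auditing a relay integration, the check to make is exactly the one `resolve_node_fixed` performs: the type used to build the returned object must come from the requested type name, not from a model-keyed lookup that several types can share.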
Affected versions of this package are vulnerable to SQL Injection via the filterKeyword method due to improper input sanitization. An authenticated attacker can manipulate database queries and retrieve or alter sensitive data by injecting SQL commands.
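The injection pattern described above, as an added example that is not the affected package's code: a hypothetical `filter_keyword` search over a constructed in-memory SQLite database, first built by string interpolation (the unsanitized-input pattern), then rewritten with a bound parameter and LIKE-wildcard escaping. The table and row contents are made up for the example.

```python
import sqlite3


def make_db():
    """Constructed sample schema: public/private articles plus a users table
    the search is never supposed to touch."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, is_public INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO articles VALUES (1, 'Hello world', 1), (2, 'Draft notes', 0);
        INSERT INTO users VALUES (1, 'admin', '$2b$12$constructedhash');
        """
    )
    return conn


def filter_keyword_vulnerable(conn, keyword):
    """Keyword is spliced into the SQL text; a quote in the input closes the
    literal and the rest of the input becomes SQL."""
    sql = f"SELECT title FROM articles WHERE is_public = 1 AND title LIKE '%{keyword}%'"
    return [row[0] for row in conn.execute(sql)]


def filter_keyword_fixed(conn, keyword):
    """Keyword travels as a bound parameter, so it is data, never SQL.
    LIKE metacharacters are escaped too, so '%' or '_' in the input cannot
    widen the match."""
    escaped = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM articles WHERE is_public = 1 AND title LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (f"%{escaped}%",))]


# Constructed payloads: the first reads another table, the second removes
# the is_public restriction.
UNION_PAYLOAD = "' UNION SELECT username || ':' || password_hash FROM users --"
BYPASS_PAYLOAD = "' OR 1=1 --"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, union:", filter_keyword_vulnerable(db, UNION_PAYLOAD))
    print("vulnerable, bypass:", filter_keyword_vulnerable(db, BYPASS_PAYLOAD))
    print("fixed, union:", filter_keyword_fixed(db, UNION_PAYLOAD))
    print("fixed, normal:", filter_keyword_fixed(db, "hello"))
```

The same two payloads are the quickest manual check against any keyword-filter endpoint: a result set that grows, changes shape, or contains values from another table on a quoted input is the signature of this bug class.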