
Vulnerabilities from the last week
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the webhookId parameter in the Chat Trigger node. An attacker can execute arbitrary JavaScript in the context of another user's session by injecting malicious code, which is then triggered when a logged-in user visits the affected chat URL.
Inefficient Algorithmic Complexity
Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the purge_kv_map function of the KV Map Handler process. An attacker can cause excessive resource consumption by triggering operations that exploit inefficient algorithmic complexity.
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the inconsistent output encoding of user-supplied parameters in HTML responses through the FSUtils.postToTarget function. An attacker can execute arbitrary scripts in the context of the user's browser by tricking a victim into visiting a crafted URL. This is only exploitable if a non-default configuration is used in certain clustered deployments.
Recent vulnerabilities disclosed by Snyk
- [C] Code Execution in expr-eval (npm)
- [M] Uncaught Exception in ts-deepmerge (npm)
- [H] Command Injection in degit (npm)
- [C] Malicious Package in moustick (npm)
- [C] Malicious Package in cookie-parser-legacy (npm)
Snyk security researchers have disclosed 3499 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.





