We’ve disclosed 3402 vulnerabilities
by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
dowload_ebok_englens_spil_by_carlos_ruiz_zafon_iben_hasselbalch_lqvq8 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
agpt is an open-source attempt to make GPT-4 autonomous.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the requests wrapper. An attacker can manipulate the request process to access unauthorized data or interact with internal services by exploiting DNS rebinding vulnerabilities and redirect handling issues.
Affected versions of this package are vulnerable to Improper Input Validation via the EndpointRequest.to() function that creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.
Note: This is only exploitable if all of the following conditions are met:
EndpointRequest.to() has been used in a Spring Security chain configuration;
The endpoint which EndpointRequest references is disabled or not exposed via web;
Your application handles requests to /null and this path needs protection.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.