We’ve disclosed 3426 vulnerabilities
by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
tiny-secp256k1 is a tiny secp256k1 JS library.
Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verify() function when running in a bundled environment where the global Buffer is provided by the buffer package. An attacker can bypass signature verification by crafting a malicious JSON-stringifiable message that is accepted as valid, allowing false-positive verification results for known message/signature pairs.
roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interaction between URLs and issue tracker templates. An attacker can execute arbitrary scripts in the context of a user's browser by crafting malicious URLs that are passed to tal:replace or tal:content templates.
Affected versions of this package are vulnerable to Open Redirect via the redirect_url parameter in the /xxl-sso-server/doLogin and /xxl-sso-server/login endpoints. An attacker can redirect users to arbitrary external sites by crafting a malicious link and tricking authenticated users into clicking it.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.