We’ve disclosed 3401 vulnerabilities by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
vite is a native-ESM powered web dev build tool.
Affected versions of this package are vulnerable to Incorrect Authorization via a bypass of the server.fs.deny restriction. An attacker can access restricted files by appending ?.svg together with ?.wasm?init to the request URL, or by sending a sec-fetch-dest: script header with the request.
Note: This is only exploitable if the file is smaller than build.assetsInlineLimit (default: 4kB), when using Vite 6.0+, and when the Vite dev server is explicitly exposed to the network (using --host or the server.host config option).
composio-core is a core package that acts as a bridge between the Composio platform and other services.
Affected versions of this package are vulnerable to Dynamic Variable Evaluation through the eval function in the mathematical_calculator endpoint. An attacker can execute arbitrary code by injecting malicious input into the function.
Affected versions of this package are vulnerable to Improper Input Validation via the resource file handling mechanism. An attacker can use the resource API to access and modify any file on the machine, even files that are not under the resource path.