We’ve disclosed3401vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Improper Neutralization of Quoting Syntax
Affecting postgresql package, versions [,13.19) , [14.0,14.16) , [15.0,15.11) , [16.0,16.7) , [17.0,17.3)
How to fix?
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
Vulnerabilities from the last week
Incorrect Authorization
vite is a Native-ESM powered web dev build tool
Affected versions of this package are vulnerable to Incorrect Authorization via the bypass of the server.fs.deny restriction. An attacker can access restricted files by appending ?.svg with ?.wasm?init or with sec-fetch-dest: script header to the requests.
Note:
This is only exploitable if the file is smaller than the build.assetsInlineLimit (default: 4kB), when using Vite 6.0+ and when the Vite dev server is explicitly exposed to the network (using --host or server.host config option.
Dynamic Variable Evaluation
Affects
composio-core is a Core package to act as a bridge between composio platform and other services.
Affected versions of this package are vulnerable to Dynamic Variable Evaluation through the eval function in the mathematical_calculator endpoint. An attacker can execute arbitrary code by injecting malicious input into the function.
Improper Input Validation
Affected versions of this package are vulnerable to Improper Input Validation via the resource file handling mechanism. An attacker can use resource API to access and modify all files in the machine even if they are not under resource path.
Recent vulnerabilities disclosed by Snyk
- M
Prototype Pollution in expand-object (npm)- H
Buffer Overflow in bigint-buffer (npm)- H
Server-side Request Forgery (SSRF) in spatie/browsershot (composer)- M
Cross-site Scripting (XSS) in react-draft-wysiwyg (npm)- H
Server-Side Request Forgery (SSRF) in nossrf (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
