We’ve disclosed 3185 vulnerabilities
by Snyk Security
How to fix?
openssl to version 3.0.7 or higher.
shineouts is a malicious package. This package exfiltrates Kubernetes configurations and SSH keys from compromised machines to a remote server.
Affected versions of this package are vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') when the
gevent.pywsgi function is used. An attacker can craft invalid trailers in chunked requests on keep-alive connections that might appear as two requests to
gevent.pywsgi. This could potentially bypass checks if an upstream server is filtering incoming requests based on paths or header fields and simply passing trailers through without validating them.
Note: If the upstream server validated that the trailers meet the HTTP specification, this could not occur, because characters that are required in an HTTP request, like a space, are not allowed in trailers.
org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications
Affected versions of this package are vulnerable to Information Exposure via the
DefaultBatchLoaderRegistry function. If an application provides a
DataLoaderOptions instance when registering batch loader functions through the vulnerable function, it may get exposed to GraphQL context with values, including security context values, from a different session.
Denial of Service (DoS) in graphql (npm)
Arbitrary Argument Injection in blamer (npm)
Denial of Service (DoS) in sidekiq (rubygems)
Cross-site Scripting (XSS) in @excalidraw/excalidraw (npm)
Undesired Behavior in moq (nuget)
by Snyk Security
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.