We've disclosed 3413 vulnerabilities
by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
slimdx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings. When a new component is created based on an existing one that has a source code repository URL, that URL, including any embedded credentials (such as a GitHub Personal Access Token and username), is passed in plain text in the client's URL parameters. An attacker can gain access to private repositories containing sensitive source code by exploiting server logs or browser history, where these credentials are stored in plaintext.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server.