We've disclosed 3440 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the ngx-bootstrap package.
@astrojs/node is an adapter for deploying your site to a Node.js server.
Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') via the X-Forwarded-Host header when using the Astro.url property without validation. An attacker can manipulate output content and potentially cause users to be redirected to malicious sites, allowing login credentials theft by sending crafted headers.
Note: This is only exploitable if the application is deployed in on-demand/dynamic rendering mode. If a caching proxy is in use, any page that is cached could persist the malicious value for subsequent users.
bbot is an OSINT automation tool for hackers.
Affected versions of this package are vulnerable to Information Exposure via the gitlab process. An attacker can obtain sensitive API key information by tricking the system into connecting to a maliciously crafted git URL.
Affected versions of this package are vulnerable to Missing Authorization via the list function in UserInfoController.java. An attacker can access sensitive user information by sending unauthorized requests remotely.