We’ve disclosed 3279 vulnerabilities
by Snyk Security Researchers
How to fix? Upgrade github.com/opencontainers/runc/libcontainer to version 1.1.12 or higher.
express is a minimalist web framework.
Affected versions of this package are vulnerable to Open Redirect because the redirect target is URL-encoded with encodeurl before being passed to the Location header. This can cause malformed URLs to be evaluated unexpectedly by common redirect allow-list implementations in applications, allowing an attacker to bypass a properly implemented allow list and redirect users to malicious sites.
nautobot is a source of truth and network automation platform.
Affected versions of this package are vulnerable to Information Exposure due to improper access control on several URL endpoints. An attacker can access sensitive information without authentication by exploiting endpoints that are improperly accessible to unauthenticated users. This includes endpoints that may disclose information about the system's authentication backend classes, supported secrets providers, and potentially sensitive logs associated with specific JobResults.
Note: This is only exploitable if the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is altered from its default value to permit access to specific data by unauthenticated users.
org.webjars.npm:express is a WebJar for express.
Affected versions of this package are vulnerable to Open Redirect because the redirect target is URL-encoded with encodeurl before being passed to the Location header. This can cause malformed URLs to be evaluated unexpectedly by common redirect allow-list implementations in applications, allowing an attacker to bypass a properly implemented allow list and redirect users to malicious sites.
Prototype Pollution in web3-utils (npm)
Cross-site Scripting (XSS) in livewire/livewire (composer)
Regular Expression Denial of Service (ReDoS) in black (pip)
Command Injection in pdf-image (npm)
Use of Uninitialized Variable in fastecdsa (pip)