Vulnerabilities

Exploring the minimist prototype pollution security vulnerability

On March 11th, 2020, Snyk published a medium severity prototype pollution security vulnerability (CVE-2020-7598) affecting the minimist npm package. This ...

Django security tips

Lucky you, you user of the web framework for perfectionists with deadlines (AKA Django). The Django team has put a ...

What is a backdoor? Let's build one with Node.js

A backdoor in our code that can perform OS injection is one of the most scary scenarios ever. Currently, npm ...

How to detect and fix Kubernetes access restriction vulnerability CVE-2019-11249

Over the past few years, Kubernetes has exploded into the tech world, becoming the most popular cloud container orchestration system. ...

Popular Python library, urllib3, subject to a denial of service vulnerability

Urllib3, a powerful and popular Python http client, is subject to a newly discovered denial of service vulnerability. Urllib3 is ...

Snyk partners with the makers of Greenkeeper to help developers proactively maintain dependency health 

We’re pleased to announce the graduation of Automatic Dependency Upgrades, a Snyk Open Source capability that helps developers proactively reduce ...

Ghostcat breach affects all Tomcat versions

Apache Tomcat is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket technologies. ...

Security breach leaks the personal data of all 6.5 million Israeli voters

On February 7th, 2020 I received an anonymous tip through the “leak inbox” of the Israeli CyberCyber ​​podcast.

Node.js release fixes a critical HTTP security vulnerability

A new Node.js security release was published earlier today, 6th of February, 2020  which fixes one Critical severity and two ...