Vulnerabilities
Learn more about vulnerabilities and exploits from our dedicated security team and others.
5 ways to prevent code injection in JavaScript and Node.js
Learn some best practices for keeping your Node.js and JavaScript projects safe from code injection attacks.
Developer Driven Workflows – Dockerfile & image scanning, prioritization, and remediation
When deploying applications in containers, developers are now having to take on responsibilities related to operating system level security concerns. Often, these are unfamiliar topics that, in many cases, had previously been handled by operations and security teams. While this new domain can seem daunting there are various tools and practices that you can incorporate […]
How I was hacking docker containers by exploiting ImageMagick vulnerabilities
What if I told you that using vulnerable Docker images can put you at significant and imminent risk of a command injection security vulnerability of hacking docker containers that use that vulnerable Docker image? In this article, I’ll take you through a step-by-step process of container hacking, in which we will exploit a Node.js-based web […]
Guide to Software Composition Analysis (SCA)
2020 was a watershed year for open source. Digital transformation, already gaining momentum before COVID19 hit, suddenly accelerated. More and more companies became software companies, and with this shift—usage of open source peaked. Why? Simply put, open source enables development teams to deliver value more rapidly and more frequently, thus enabling their companies to better […]
Prioritize fixes more efficiently with Reachable Vulnerabilities for GitHub
We are pleased to start the new year with the beta availability of Reachable Vulnerabilities for GitHub, providing development and security teams with deep application-level context for vulnerabilities identified in GitHub-hosted applications and enabling them to prioritize fixes more efficiently. Announced in July last year, Reachable Vulnerabilities analyzes an application’s execution path to identify whether […]
Snyk’s approach to container security research and relative importance
Container vulnerabilities are tricky things to deal with, requiring an understanding of both Linux security and container image architecture. Setting aside vulnerabilities that might occur in your code, most of the vulnerabilities that you deal with in containers relate to Linux operating system packages and their dependencies. And yet, containers are typically handled by developers, […]
How to detect the ExternalIP Kubernetes vulnerability in your Kubernetes configurations with Snyk
On Tuesday, a Kubernetes vulnerability was announced affecting all Kubernetes versions where a hostile user may be able to intercept traffic if external IP addresses are being used on services. Snyk has added a new check to Snyk Infrastructure as Code (Snyk IaC) to check your Kubernetes deployment definitions and notify you if you are […]
Regular Expression Denial of Service (REDoS) in UAParser.js
Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who […]
Arbitrary code execution in Grunt
Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who […]
Prototype pollution in express-fileupload
Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who […]
Prioritizing vulnerabilities in Kubernetes deployments
Snyk has recently introduced a Priority Score to help prioritize vulnerabilities we detect, helping you identify the most important issues that need your attention. Prioritization and Snyk Container The new Priority Score is fully supported in Snyk Container. All of your container images will be scored based on the severity of the vulnerability, data we […]