We’ve disclosed 3381 vulnerabilities
by Snyk Security
Researchers
How to fix?
Avoid using all malicious instances of the tukaani-project/xz
package.
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Privilege Context Switching Error in libuv
's handling of io_uring
operations called before calling setuid()
. This allows users to elevate privileges.
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.
Affected versions of this package are vulnerable to Path Traversal during the handling of artifact URLs. An attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by constructing a URL that uses the fragment portion to bypass validation and access the filesystem path.
Note:
This vulnerability is a bypass for CVE-2023-6909
io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate.
Affected versions of this package are vulnerable to Improper Authorization due to improper handling of HTTP header based authorization. An attacker can execute non-administrative API calls that should be restricted to authorized users by manipulating HTTP headers.
Improper Certificate Validation in componentspace.saml2 (nuget)
Arbitrary Code Injection in mysql2 (npm)
Prototype Pollution in lodash (npm)
Prototype Pollution in lodash.zipobjectdeep (npm)
Remote Code Execution (RCE) in mysql2 (npm)
by Snyk Security
Researchers
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.