We’ve disclosed3385vulnerabilities
by Snyk Security
Researchers
Avoid using all malicious instances of the @solana/web3.js
package.
store2 is a Better localStorage
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the store.deep.js
component due to the usage of eval
function. An attacker can execute arbitrary scripts in the context of the interface or access sensitive information by injecting malicious scripts.
RestrictedPython is a RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') due to a type confusion bug in the CPython interpreter. An attacker can bypass security restrictions by exploiting the try/except*
clauses. This is only exploitable if the try/except*
feature is used in the code.
org.apache.wicket:wicket-core is a Java web application framework that takes simplicity, separation of concerns and ease of development to a whole new level. Wicket pages can be mocked up, previewed and later revised using standard WYSIWYG HTML design tools. Dynamic content processing and form handling is all handled in Java code using a first-class component model backed by POJO data beans that can easily be persisted using your favorite technology.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to a memory leak that can be triggered by an attacker sending multiple simultaneous requests to the server.
by Snyk Security
Researchers
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.