Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
@n8n/api-types is a fair-code workflow automation platform with native AI capabilities.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) because the binary data endpoint does not validate the MIME type of uploaded binary files and lets the response MIME type be controlled through a GET parameter. An authenticated attacker with member-level privileges can upload a crafted HTML file containing malicious code. If another authenticated user then visits the binary data endpoint with the MIME type specified as text/html, the embedded script executes in that user's browser session, potentially enabling account takeover, for instance by initiating an unauthorized email address change.
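The following is an added illustration of the bug class described above; it is not n8n's code. It models a binary data endpoint that takes the response Content-Type from a GET parameter, next to a hardened handler that ignores the caller's MIME claim. The URL path /rest/binary-data, the parameter names id and mimeType, the in-memory upload store and the HTML payload are all constructed for the example.

```python
"""Constructed example (not n8n's code): a binary data endpoint whose response
MIME type is controlled by a GET parameter, and a hardened version of it."""
from urllib.parse import parse_qs, urlparse

# Constructed upload store: file id -> (MIME type recorded at upload, bytes).
# "bin-1" is the kind of HTML file a member-level user could upload as binary data;
# its script changes the viewer's e-mail address using the viewer's own session.
UPLOADS = {
    "bin-1": (
        "application/octet-stream",
        b"<html><script>fetch('/rest/me', {method: 'PATCH', "
        b"body: JSON.stringify({email: 'attacker@example.com'})})</script></html>",
    ),
    "img-1": ("image/png", b"\x89PNG\r\n\x1a\n...constructed..."),
}

# Types that are safe to render inline; everything else is served as a download.
ALLOW_INLINE = {"image/png", "image/jpeg", "image/gif", "application/pdf"}


def _query(url):
    """First value of each query parameter, e.g. {'id': 'bin-1', 'mimeType': 'text/html'}."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def vulnerable_binary_data(url):
    """Trusts ?mimeType=...: a viewer opening this link with text/html gets the
    upload rendered as a page in the application's origin, so its script runs
    with the viewer's session. Returns (status, headers, body)."""
    q = _query(url)
    stored_mime, body = UPLOADS[q["id"]]
    mime = q.get("mimeType", stored_mime)  # attacker-controlled
    return 200, {"Content-Type": mime}, body


def hardened_binary_data(url):
    """Ignores the caller's MIME claim, serves only allowlisted types inline,
    forces everything else to an opaque download, and pins the response so the
    browser neither sniffs the body nor runs it in the application's origin."""
    q = _query(url)
    stored_mime, body = UPLOADS[q["id"]]
    if stored_mime in ALLOW_INLINE:
        content_type, disposition = stored_mime, "inline"
    else:
        content_type, disposition = "application/octet-stream", "attachment"
    headers = {
        "Content-Type": content_type,
        "Content-Disposition": f'{disposition}; filename="{q["id"]}"',
        "X-Content-Type-Options": "nosniff",   # no MIME sniffing of the body
        "Content-Security-Policy": "sandbox",  # opaque origin even if rendered
    }
    return 200, headers, body


def renders_as_same_origin_document(headers):
    """True if a browser would execute the body as an HTML document in the app's origin."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    attachment = headers.get("Content-Disposition", "").lower().startswith("attachment")
    sandboxed = "sandbox" in headers.get("Content-Security-Policy", "")
    return ctype == "text/html" and not attachment and not sandboxed


if __name__ == "__main__":
    link = "/rest/binary-data?id=bin-1&mimeType=text/html"
    for handler in (vulnerable_binary_data, hardened_binary_data):
        _, headers, _ = handler(link)
        print(handler.__name__, headers, "-> XSS:", renders_as_same_origin_document(headers))
```

The fix has three independent layers: the MIME type comes from metadata recorded at upload (or from an allowlist), never from the request; non-allowlisted types are served as an attachment so the browser never renders them; and nosniff plus a sandbox CSP stop the body from being interpreted as a same-origin document even if the first two checks are bypassed.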
transformers is a state-of-the-art machine learning library for JAX, PyTorch and TensorFlow.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the tokenization_gpt_neox_japanese.py file, within the SubWordJapaneseTokenizer class. The regex is designed to match Japanese price expressions, but because many of its components are optional (? and *), it matches overly broad patterns and exhibits exponential backtracking on crafted inputs, which can lead to high CPU usage.
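The following is an added illustration of the ReDoS pattern class described above; it is not the transformers code, and the regex in it is a constructed stand-in with the same shape as the advisory describes (a price-like expression whose components are all optional), not the pattern from tokenization_gpt_neox_japanese.py. The hardened pattern and the MAX_PRICE_LEN cap are likewise the example's own choices.

```python
"""Constructed ReDoS example (not the transformers tokenizer regex)."""
import re
import time

# Constructed vulnerable pattern. `(\d+)*` is a repeated group that itself repeats,
# so a run of n digits can be split into groups in 2^(n-1) ways, and every other
# piece is optional, so the pattern even matches "". When the final `$` fails
# (the string ends in a stray non-digit), the engine tries every split before
# giving up: exponential backtracking.
VULNERABLE_PRICE = re.compile(r"^[¥$]?(\d+)*(?:,\d+)*(?:\.\d+)?(?:円|ドル)?$")

# Hardened pattern: one mandatory, bounded digit run and unambiguous separators,
# so there is no nested quantifier to backtrack into.
HARDENED_PRICE = re.compile(r"^[¥$]?\d{1,12}(?:,\d{3})*(?:\.\d{1,2})?(?:円|ドル)?$")
MAX_PRICE_LEN = 64  # assumed limit, applied before the regex ever runs


def is_price_vulnerable(text: str) -> bool:
    """Match with the backtracking-prone pattern (no input cap)."""
    return VULNERABLE_PRICE.match(text) is not None


def is_price_hardened(text: str) -> bool:
    """Reject oversized input up front, then match with the unambiguous pattern."""
    if len(text) > MAX_PRICE_LEN:
        return False
    return HARDENED_PRICE.match(text) is not None


def time_match(pattern: re.Pattern, text: str) -> float:
    """Seconds spent in one match attempt (Python's re module has no timeout)."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Crafted input: a digit run followed by one stray character that makes `$` fail.
    # The vulnerable time roughly doubles with each extra digit; the hardened one does not.
    for n in range(16, 24):
        crafted = "1" * n + "x"
        print(f"n={n:2d}  vulnerable={time_match(VULNERABLE_PRICE, crafted):8.3f}s"
              f"  hardened={time_match(HARDENED_PRICE, crafted):.6f}s")
```

Two points carry over to real code: the rewrite makes each character attributable to exactly one part of the pattern, which removes the ambiguity the backtracker explores, and the length cap bounds the worst case regardless of the pattern. Python's built-in re cannot be given a timeout, so the cap is the practical defence; the third-party regex package accepts a timeout argument if one is needed.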
Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper handling of TextArea properties with default content types. An attacker who can insert malicious scripts into these properties can have them executed when a user with higher privileges subsequently edits the content, impacting the confidentiality, integrity, and availability of the XWiki installation.