gatsby-source-wordpress@5.6.0-next.1 vulnerabilities

Source data from WordPress in an efficient and scalable way.

Direct Vulnerabilities

Known vulnerabilities in the gatsby-source-wordpress package. This does not include vulnerabilities belonging to this package’s dependencies.

Access Restriction Bypass (severity: H)

gatsby-source-wordpress is a package to source data from WordPress in an efficient and scalable way.

Affected versions of this package are vulnerable to Access Restriction Bypass. The package leaks .htaccess HTTP Basic Authentication variables into the app.js bundle at build time. Users who do not initialize basic authentication credentials in gatsby-config.js are not affected. A patch has been introduced which mitigates the issue by filtering all variables specified in the auth: { } section.

How to fix Access Restriction Bypass?

Upgrade gatsby-source-wordpress to version 4.0.8, 5.9.2 or higher.

Vulnerable versions: <4.0.8, >=5.0.0 <5.9.2
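
An added example, not Snyk's or the plugin's own code: a Node.js check that searches built bundle files for the configured Basic Auth credentials in the encodings they can take once serialized into JavaScript. The function names, credential values and sample bundle strings are constructed for illustration, and public/ is assumed to be the build output directory.

```javascript
// Added example: look for Basic Auth credentials inside built Gatsby bundles.
// Encodings in which the secret can appear once it is serialized into JS.
function credentialNeedles({ username, password }) {
  return [
    ["password (raw)", password],
    ["password (JSON-escaped)", JSON.stringify(password).slice(1, -1)],
    ["password (URL-encoded)", encodeURIComponent(password)],
    ["user:pass (Base64, as in an Authorization header)",
      Buffer.from(`${username}:${password}`).toString("base64")],
  ];
}

// Return one hit per distinct encoding found in the bundle text.
function findLeakedCredentials(bundleText, creds) {
  const seen = new Set();
  const hits = [];
  for (const [label, needle] of credentialNeedles(creds)) {
    if (!needle || seen.has(needle)) continue; // skip empty and duplicate needles
    seen.add(needle);
    const offset = bundleText.indexOf(needle);
    if (offset !== -1) hits.push({ label, offset });
  }
  return hits;
}

// Recursively scan a build output directory (assumed: Gatsby's public/).
function scanBuildDir(dir, creds) {
  const fs = require("node:fs");
  const path = require("node:path");
  const report = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) {
      report.push(...scanBuildDir(full, creds));
    } else if (/\.(js|json|map)$/.test(entry.name)) {
      const hits = findLeakedCredentials(fs.readFileSync(full, "utf8"), creds);
      if (hits.length) report.push({ file: full, hits });
    }
  }
  return report;
}

// Constructed sample data (not real credentials or real bundle output).
const SAMPLE_CREDS = { username: "builduser", password: 'p@ss "w0rd"' };
const LEAKY_BUNDLE =
  'e.exports={auth:{htaccess:{username:"builduser",password:"p@ss \\"w0rd\\""}}}';
const CLEAN_BUNDLE = 'e.exports={url:"https://example.invalid/graphql"}';

console.log(findLeakedCredentials(LEAKY_BUNDLE, SAMPLE_CREDS)); // one JSON-escaped hit
console.log(findLeakedCredentials(CLEAN_BUNDLE, SAMPLE_CREDS)); // no hits
```

After upgrading and rebuilding, scanBuildDir("public", creds) should return an empty array. Credentials found in a bundle that was already published should be treated as exposed.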