
[Security Disclosures] Weekly Roundup (Nov 08 - 12)

SnykCommunity

Below is the roundup of our recent security updates. Visit our site to find the full list of vulnerability disclosures.

  • HIGH: Command Injection in nodemailer (npm) | CVE-2020-7769 | Discovered by Vineet Kumar - 2020-11-12
  • MED: Cross-site Scripting (XSS) in lavalite/cms (composer) | 2020-11-12
  • HIGH: Regular Expression Denial of Service (ReDoS) in express-validators (npm) | CVE-2020-7767 | Discovered by Yeting Li - 2020-11-11
  • HIGH: Prototype Pollution in grpc (npm) | CVE-2020-7768 | Discovered by NerdJS - 2020-11-11
  • HIGH: Prototype Pollution in @grpc/grpc-js (npm) | CVE-2020-7768 | Discovered by NerdJS - 2020-11-11
  • HIGH: Prototype Pollution in json-ptr (npm) | CVE-2020-7766 | Discovered by Alessio Della Libera (d3lla) - 2020-11-10
  • MED: Prototype Pollution in @firebase/util (npm) | CVE-2020-7765 | Discovered by Snyk Security Team - 2020-11-09
  • MED: Web Cache Poisoning in find-my-way (npm) | CVE-2020-7764 | Discovered by trygve_lie - 2020-11-08

Big thanks to all of the security researchers who help us make software more secure one day and one package at a time.

If you have found a security vulnerability, you are welcome to report it to us here.
