Skip to content

Snyk Community

Snyk Community is a community of amazing users

The place for Snyk users & security enthusiasts to share their experience and learn from each other.

Create account Log in

SnykCommunity for Snyk

Posted on Dec 3, 2020

[Security Disclosures] Weekly Roundup (Nov 20 - 25)

#securityupdates #vulndb #ecosystem

Below is the roundup of our recent security updates, visit our site to find the full list of vulnerability disclosures.

HIGH: Prototype Pollution in systeminformation (npm) | CVE-2020-7778 | Discovered by EffectRenan - 2020-11-25
HIGH: Arbitrary Code Execution in jsen (npm) | CVE-2020-7777 | Discovered by Alessio Della Libera (d3lla) - 2020-11-23
MED: Regular Expression Denial of Service (ReDoS) in djvalidator (npm) | CVE-2020-7779 | Discovered by Yeting Li - 2020-11-19 (CVE UPDATED)

Big thanks to all of the security researchers who help us make software more secure one day and one package at a time.

If you have found a security vulnerability you are welcome to report them to us here.

Discussion (0)

Subscribe

Read next

Announcing Vulnerability-Alerts.com

Schalk Neethling - Oct 30 '20

[Video] Malicious Mintegral SDK Leaks Data on Android

Simon Maple - Oct 21 '20

[Announcement] Snyk and Docker Deepen Integration through New Features

Jim Armstrong - Oct 21 '20

[Announcement] Snyk and IBM Cloud DevOps Integration

Sarah - Oct 21 '20