Snyk

[Security Disclosures] Weekly Roundup (Oct 19-Oct 29)

SnykCommunity

Hey folks, in order to give you quick access to our recent security updates, we will be publishing a weekly roundup of the vulnerability disclosures from our site.

  • HIGH: Path Traversal in browserless-chrome (npm) | CVE-2020-7758 | Discovered by Snyk Security Team - 2020-10-29
  • MED: Path Traversal in droppy (npm) | CVE-2020-7757 | Discovered by Snyk Security Team - 2020-10-29
  • HIGH: Regular Expression Denial of Service (ReDoS) in trim (npm) | CVE-2020-7753 | Discovered by Liyuan Chen - 2020-10-27
  • HIGH: Command Injection in systeminformation (npm) | CVE-2020-7752 | Discovered by EffectRenan - 2020-10-26
  • MED: Prototype Pollution in pathval (npm) | CVE-2020-7751 | Discovered by posix - 2020-10-25
  • HIGH: Cross-site Scripting (XSS) in scratch-svg-renderer (npm) | CVE-2020-7750 | Discovered by apple502j - 2020-10-21
  • HIGH: Server-side Request Forgery (SSRF) in osm-static-maps (npm) | CVE-2020-7749 | Discovered by Vasilii Ermilov - 2020-10-19
  • MED: Prototype Pollution in @tsed/core (npm) | CVE-2020-7748 | Discovered by Snyk Security Team - 2020-10-19
  • MED: Cross-site Scripting (XSS) in lightning-server (npm) | CVE-2020-7747 | Discovered by Snyk Security Team - 2020-10-19
  • HIGH: Prototype Pollution in chart.js (npm) | CVE-2020-7746 | Discovered by Alessio Della Libera (d3lla) - 2020-10-19
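A quick way to put a roundup like this to use is to cross-reference it against your own lockfile. The example below is added here and is not code from the Snyk roundup or from any of the packages it names: it reads a `package-lock.json` object (both the lockfileVersion 1 nested `dependencies` tree and the lockfileVersion 2/3 flat `packages` map), walks it including nested copies of a package, and reports any package that appears in the list above, most severe first. The package names, CVE IDs, severities and issue classes come straight from the roundup; the affected version ranges are not on this page, so a hit means "go read the advisory for that CVE", not "this version is vulnerable". The two sample lockfiles are constructed for the demo and their version numbers are placeholders.

```javascript
// Added example, not part of the Snyk roundup. Cross-references an npm lockfile against
// the disclosures listed above. Names, CVEs, severities and issue classes are from the
// roundup; no version ranges are given there, so presence is flagged, not vulnerability.
const ROUNDUP = [
  { name: 'browserless-chrome',   cve: 'CVE-2020-7758', severity: 'HIGH', issue: 'Path Traversal' },
  { name: 'droppy',               cve: 'CVE-2020-7757', severity: 'MED',  issue: 'Path Traversal' },
  { name: 'trim',                 cve: 'CVE-2020-7753', severity: 'HIGH', issue: 'ReDoS' },
  { name: 'systeminformation',    cve: 'CVE-2020-7752', severity: 'HIGH', issue: 'Command Injection' },
  { name: 'pathval',              cve: 'CVE-2020-7751', severity: 'MED',  issue: 'Prototype Pollution' },
  { name: 'scratch-svg-renderer', cve: 'CVE-2020-7750', severity: 'HIGH', issue: 'XSS' },
  { name: 'osm-static-maps',      cve: 'CVE-2020-7749', severity: 'HIGH', issue: 'SSRF' },
  { name: '@tsed/core',           cve: 'CVE-2020-7748', severity: 'MED',  issue: 'Prototype Pollution' },
  { name: 'lightning-server',     cve: 'CVE-2020-7747', severity: 'MED',  issue: 'XSS' },
  { name: 'chart.js',             cve: 'CVE-2020-7746', severity: 'HIGH', issue: 'Prototype Pollution' },
];

// Record one installed copy of a package (a package can be installed at several paths).
function record(out, name, version, path) {
  if (!out.has(name)) out.set(name, []);
  out.get(name).push({ version: version || 'unknown', path });
}

// lockfileVersion 1: "dependencies" is a tree of objects keyed by package name.
function walkV1(deps, parentPath, out) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const path = parentPath ? `${parentPath}/node_modules/${name}` : `node_modules/${name}`;
    record(out, name, entry.version, path);
    if (entry.dependencies) walkV1(entry.dependencies, path, out);
  }
}

// lockfileVersion 2/3: "packages" is flat, keyed by install path such as
// "node_modules/a/node_modules/b"; the name is whatever follows the last "node_modules/"
// (scoped names like "@tsed/core" survive this because the slice keeps the scope).
function walkV2(packages, out) {
  for (const [path, entry] of Object.entries(packages || {})) {
    if (path === '') continue; // root project entry
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1) continue; // workspace links and other non-install entries
    record(out, path.slice(idx + 'node_modules/'.length), entry.version, path);
  }
}

// Map<packageName, [{version, path}, ...]> of everything the lockfile installs.
function collectInstalled(lock) {
  const out = new Map();
  if (lock.packages) walkV2(lock.packages, out);
  else walkV1(lock.dependencies, '', out);
  return out;
}

const SEVERITY_RANK = { HIGH: 0, MED: 1 };

// Roundup entries whose package is installed anywhere in the tree, highest severity first.
function matchRoundup(lock, roundup = ROUNDUP) {
  const installed = collectInstalled(lock);
  return roundup
    .filter((adv) => installed.has(adv.name))
    .map((adv) => ({ ...adv, installs: installed.get(adv.name) }))
    .sort((a, b) =>
      SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity] || a.name.localeCompare(b.name));
}

// One human-readable line per finding.
function report(lock) {
  return matchRoundup(lock).map((f) =>
    `${f.severity} ${f.name} ${f.cve} (${f.issue}) at ` +
    f.installs.map((i) => `${i.path}@${i.version}`).join(', '));
}

// Constructed sample lockfiles (placeholder versions, not real projects). The v2 one
// hides "trim" one level down under another package, which a top-level-only scan misses.
const SAMPLE_LOCK_V2 = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chart.js': { version: '0.0.0-placeholder' },
    'node_modules/@tsed/core': { version: '0.0.0-placeholder' },
    'node_modules/left-pad': { version: '0.0.0-placeholder' },
    'node_modules/some-cli': { version: '0.0.0-placeholder' },
    'node_modules/some-cli/node_modules/trim': { version: '0.0.0-placeholder' },
  },
};
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    systeminformation: { version: '0.0.0-placeholder' },
    express: { version: '0.0.0-placeholder', dependencies: { pathval: { version: '0.0.0-placeholder' } } },
  },
};

console.log(report(SAMPLE_LOCK_V2).join('\n'));
console.log(report(SAMPLE_LOCK_V1).join('\n'));
```

To run it against a real project, replace the samples with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. Nested copies matter: a transitive `trim` or `pathval` pulled in by a build tool is just as reachable as a direct dependency, which is why the walk records every install path rather than only top-level entries.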

Big thanks to all of the security researchers who help us make software more secure one day and one package at a time.

If you have found a security vulnerability, you are welcome to report it to us here.

Discussion

Liran Tal

Stay tuned because I'm writing a blog post about this one specifically:

HIGH: Command Injection in systeminformation (npm) | CVE-2020-7752 | Discovered by EffectRenan - 2020-10-26

Sharone Zitzman

Nice! Looking forward to seeing that...!