@langchain/langgraph-checkpoint-mongodb is a LangGraph
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the MongoDBSaver.getTuple() function. An attacker can access checkpoint data belonging to other tenants by injecting specially crafted objects as identifier fields, which are interpreted as query operators in MongoDB queries.
awxkit is the official command line interface for Ansible AWX
Affected versions of this package are vulnerable to Directory Traversal via the !include directive in YAML files. An attacker can access arbitrary YAML-formatted files from the local filesystem by tricking a user into importing a malicious YAML file using the awx --conf.format yaml import command.
Affected versions of this package are vulnerable to Direct Request ('Forced Browsing') due to missing granular authorization checks in the bulk role-mapping-delete endpoints (POST /admin/realms/{realm}/ui-ext/role-mapping-delete/users/{id} and POST /admin/realms/{realm}/ui-ext/role-mapping-delete/groups/{id}). An attacker can remove critical administrative roles from other users or groups by sending crafted requests to these endpoints after obtaining high-level administrative privileges.