Lucene search
K

19 matches found

OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-21209 Malicious code in gatsby-source-fauna-id (npm)

The package gatsby-source-fauna-id was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-21210 Malicious code in gatsby-source-wordpress-bcgdv (npm)

The package gatsby-source-wordpress-bcgdv was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in gatsby-source-fauna-id (npm)

The package gatsby-source-fauna-id was found to contain malicious code...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 p.m.7 views

CVE-2021-32770

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

7.5CVSS7.1AI score0.01414EPSS
Exploits1References1
OSV
OSV
added 2022/06/20 8:13 p.m.12 views

MAL-2022-3286 Malicious code in gatsby-source-data-dictionary (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 609b9ce0046338f15cd270efb8914e5b4c3697afc1ac16fe9e0ac9d5ab9b2624 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:13 p.m.4 views

Malicious code in gatsby-source-remote-images (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 577af0caf4e2d89635899c7917d4325d1b95c887265d00b15af3b50369437888 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:13 p.m.12 views

MAL-2022-3288 Malicious code in gatsby-source-remote-images (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 577af0caf4e2d89635899c7917d4325d1b95c887265d00b15af3b50369437888 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:13 p.m.3 views

Malicious code in gatsby-source-newrelic-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79639755076ff66e9e9e394bf4cc78000e6aaa78d368477800acc0bff8c00361 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:13 p.m.9 views

MAL-2022-3287 Malicious code in gatsby-source-newrelic-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79639755076ff66e9e9e394bf4cc78000e6aaa78d368477800acc0bff8c00361 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Node.js
Node.js
added 2021/07/19 3:36 p.m.77 views

Sensitive Data Exposure

Overview The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

5CVSS1.8AI score0.01414EPSS
Exploits1Affected Software1
OSV
OSV
added 2021/07/19 3:21 p.m.24 views

GHSA-RQJW-P5VR-C695 Basic-auth app bundle credential exposure in gatsby-source-wordpress

Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

7.5CVSS7.6AI score0.01414EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/07/19 3:21 p.m.9 views

@suldev/gatsby-theme-foundry (>=1.0.0 <=1.0.17) potentially affected by CVE-2021-32770 via gatsby-source-wordpress (=5.15.0)

gatsby-source-wordpress NPM version =5.15.0 is affected by a known vulnerability. The following packages have a transitive dependency on gatsby-source-wordpress and may be impacted: - @suldev/gatsby-theme-foundry =1.0.0, =1.0.17 Source cves: CVE-2021-32770 Source advisory: OSV:GHSA-RQJW-P5VR-C695...

7.5CVSS7.1AI score0.01414EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/07/19 3:21 p.m.3 views

@agileana/agileana-theme (>=0.0.1 <=0.0.3), @ajberkow/gatsby-theme-ucomm (>=0.0.1 <=0.0.8) +14 more potentially affected by CVE-2021-32770 via gatsby-source-wordpress (>=2.0.93 <=3.11.0)

gatsby-source-wordpress NPM version =2.0.93, =0.0.1, =0.0.1, =1.0.0, =1.3.1-alpha, =1.0.0, =1.0.0, =1.0.11, =1.0.26, =1.0.40, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.0.1, =0.0.4 and more Source cves: CVE-2021-32770 Source advisory: OSV:GHSA-RQJW-P5VR-C695...

7.5CVSS7.1AI score0.01414EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/07/19 3:21 p.m.109 views

Basic-auth app bundle credential exposure in gatsby-source-wordpress

Impact The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...

7.5CVSS1.4AI score0.01414EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/07/15 7:15 p.m.14 views

CVE-2021-32770

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

7.5CVSS7.7AI score
Exploits0References1
Cvelist
Cvelist
added 2021/07/15 6:30 p.m.31 views

CVE-2021-32770 Basic-auth app bundle credential exposure in gatsby-source-wordpress

Gatsby is a framework for building websites. The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js a...

7.5CVSS7.9AI score0.01414EPSS
Exploits1References1
CVE
CVE
added 2021/07/15 6:30 p.m.80 views

CVE-2021-32770

The CVE-2021-32770 entry concerns the gatsby-source-wordpress plugin. Affected versions (prior to 4.0.8 and 5.9.2) leak .htaccess HTTP Basic Authentication credentials into the app.js bundle at build time. The root cause is exposure of credentials from auth.htaccess during build, which may affect...

7.5CVSS7.6AI score0.01414EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/07/15 12:0 a.m.7 views

gatsby 信息泄露漏洞

gatsby is a software application. A free open source framework based on React that helps developers build extremely fast websites and applications. A security vulnerability exists in gatsby that stems from the gatsby-source-wordpress plugin leaking .htaccess HTTP basic authentication variables in...

7.5CVSS7.3AI score0.01414EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/07/15 12:0 a.m.7 views

PT-2021-19918 · WordPress · Gatsby-Source-Wordpress

Name of the Vulnerable Software and Affected Versions: gatsby-source-wordpress versions prior to 4.0.8 and 5.9.2 Description: The gatsby-source-wordpress plugin leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. This issue affects users who initialize...

7.5CVSS7.5AI score0.01414EPSS
Exploits1References6
Rows per page
Query Builder