12 matches found
CVE-2026-42047
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...
CVE-2026-42047
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...
CVE-2026-42047 Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...
CVE-2026-42047
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...
CVE-2026-42047 Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...
CVE-2026-42047
Inngest CVE-2026-42047 affects the TypeScript SDK versions 3.22.0–3.53.1. A change in 3.22.0 made the serve() HTTP handler’s diagnostic response expose process.env contents when unhandled methods PATCH, OPTIONS, or DELETE are used, allowing exfiltration of secrets, API keys, or credentials if the...
inngest-js 信息泄露漏洞
Inngest-js is an open-source framework developed by Inngest, designed to support various serverless platforms. It serves as a reliable event-driven and background task execution framework. Versions 3.22.0 to 3.53.1 of Inngest-js contain a vulnerability related to information leakage. This...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview inngest is an Official SDK for Inngest.com. Inngest is the reliability layer for modern applications. Inngest combines durable execution, events, and queues into a zero-infra platform with built-in observability. Affected versions of this package are vulnerable to Exposure of Sensitive...
GHSA-2JF5-6WWV-VHXX Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods
Summary A vulnerability in the Inngest TypeScript SDK versions 3.22.0 through 3.53.1 allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the serve HTTP handler. The serve handler implements GET, POST, and PUT methods. Requests using PATCH, OPTIONS...
@b3dotfun/b3-api (>=0.0.42 <=0.0.102), @b3dotfun/sdk (>=0.0.27-alpha.1 <=0.1.70-alpha.9) +38 more potentially affected by CVE-2026-42047 via inngest (>=3.22.13 <=3.47.0)
inngest NPM version =3.22.13, =0.0.42, =0.0.27-alpha.1, =1.0.4, =0.0.26, =2.0.5, =0.0.3-canary.1, =0.1.2, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =0.1.13, =1.0.1-alpha.0, =0.0.1, =1.0.1, =1.0.4-alpha.13 and more Source cves: CVE-2026-42047 Source advisory:...
@b3dotfun/b3-api (>=0.0.42 <=0.0.102), @b3dotfun/sdk (>=0.0.27-alpha.1 <=0.1.70-alpha.9) +38 more potentially affected by CVE-2026-42047 via inngest (>=3.22.13 <=3.47.0)
inngest NPM version =3.22.13, =0.0.42, =0.0.27-alpha.1, =1.0.4, =0.0.26, =2.0.5, =0.0.3-canary.1, =0.1.2, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.0, =0.1.13, =1.0.1-alpha.0, =0.0.1, =1.0.1, =1.0.4-alpha.13 and more Source cves: CVE-2026-42047 Source advisory:...
PT-2026-37248
Name of the Vulnerable Software and Affected Versions Inngest versions 3.22.0 through 3.53.1 Description Unauthenticated remote attackers can exfiltrate environment variables from the host process via the 'serve' HTTP handler. While the 'serve' handler implements GET, POST, and PUT methods,...