4 matches found
@ainsleydev/payload-helper (>=0.0.16 <=0.0.20), @contentql/core (>=0.1.2 <=0.3.5) +2 more potentially affected by CVE-2026-34750 via @payloadcms/storage-s3 (>=3.0.0-beta.111 <=3.0.0-beta.91)
@payloadcms/storage-s3 NPM version =3.0.0-beta.111, =0.0.16, =0.1.2, =0.1.0, =0.1.4, =0.1.5 Source cves: CVE-2026-34750 Source advisory: SNYK:JS-PAYLOADCMSSTORAGES3-15873860...
Directory Traversal
Overview @payloadcms/storage-s3 is a Payload storage adapter for Amazon S3 Affected versions of this package are vulnerable to Directory Traversal via insufficient sanitization of filenames in the client-upload signed-URL endpoints for S3, GCS, Azure, and R2. An attacker can escape the intended...
@ainsleydev/payload-helper (>=0.0.16 <=0.0.20), @contentql/core (>=0.1.2 <=0.3.5) +2 more potentially affected by CVE-2026-34750 via @payloadcms/storage-s3 (>=3.0.0-beta.111 <=3.0.0-beta.91)
@payloadcms/storage-s3 NPM version =3.0.0-beta.111, =0.0.16, =0.1.2, =0.1.0, =0.1.4, =0.1.5 Source cves: CVE-2026-34750 Source advisory: OSV:GHSA-FRQ9-7J6G-V74X...
@aaa-backend-stack/file-storage-local (>=1.16.0 <=2.4.4), @aaa-backend-stack/file-storage-s3 (>=1.16.0 <=2.4.4) +602 more potentially affected by unknown CVE via zxcvbn (>=2.0.1 <=4.4.2)
zxcvbn NPM version =2.0.1, =1.16.0, =1.16.0, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =1.16.1, =1.0.0, =0.0.9, =1.7.7, =2.0.6, =0.0.5, =2.0.10 - @abler/ats-front-resources-api =1.1.10 and more Source cves: unknown CVE Source advisory: SNYK:JS-ZXCVBN-3257741...