6 matches found
MAL-2025-37116 Malicious code in toxiproxy (npm)
The package toxiproxy was found to contain malicious code...
Malicious code in toxiproxy (npm)
The package toxiproxy was found to contain malicious code...
[SECURITY] Fedora 36 Update: golang-github-shopify-toxiproxy-2.1.4-11.fc36
Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supporting deterministic tampering with connections, but with support for randomized chaos and customization. Toxiproxy is the tool you need to prove with tests...
Fedora: Security Advisory for golang-github-shopify-toxiproxy (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the ... Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Same-Origin Policy Bypass
github.com/shopify/toxiproxy is vulnerable to a same-origin policy bypass. A malicious user can use the library to bypass the web browser's same-origin policy and obtain sensitive information...
Shopify: [out-of-scope] toxiproxy: Lack of CSRF protection allows an attacker to gain access to internal Shopify network
Disclaimer: In case this report ever becomes public, I wanted to start it out with a disclaimer so it doesn't become referenced as an example for out-of-scope/policy-violating submissions in the future: At the time of submission this report is out-of-scope and as such I have no expectations of reward...