4 matches found
@caliperai/caliper (>=0.2.0 <=0.3.0), @doccov/api (>=0.6.0 <=0.6.4) +10 more potentially affected by CVE-2026-44479 via vercel (>=50.44.0 <=51.8.0)
vercel NPM version =50.44.0, =0.2.0, =0.6.0, =0.3.0-rc.2, =3.10.3, =1.1.1, =1.0.1, =1.0.2, =0.1.19, =0.4.0-rc.3, =1.0.0, =2.0.0 Source cves: CVE-2026-44479 Source advisory: OSV:GHSA-PGF8-2HGJ-GRQG...
@caliperai/caliper (>=0.2.0 <=0.3.0), @doccov/api (>=0.6.0 <=0.6.4) +10 more potentially affected by CVE-2026-44479 via vercel (>=50.44.0 <=51.8.0)
vercel NPM version =50.44.0, =0.2.0, =0.6.0, =0.3.0-rc.2, =3.10.3, =1.1.1, =1.0.1, =1.0.2, =0.1.19, =0.4.0-rc.3, =1.0.0, =2.0.0 Source cves: CVE-2026-44479 Source advisory: SNYK:JS-VERCEL-16638653...
Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
Summary The @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirel...
GHSA-MR6Q-RP88-FX84 Astro: Unauthenticated Path Override via `x-astro-path` / `x_astro_path`
Summary The @astrojs/vercel serverless entrypoint reads the x-astro-path header and xastropath query parameter to rewrite the internal request path, with no authentication whatsoever. On deployments without Edge Middleware, this lets anyone bypass Vercel's platform-level path restrictions entirel...