CVE-2023-34238
- EPSS 0.59%
- Veröffentlicht 08.06.2023 00:15:09
- Zuletzt bearbeitet 21.11.2024 08:06:50
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contain a Local File Inclusion vulnerability in the `__file-code-frame` and `__original-stack-frame` paths, exposed when running the Ga...
CVE-2023-30548
- EPSS 2.64%
- Veröffentlicht 17.04.2023 21:15:07
- Zuletzt bearbeitet 21.11.2024 08:00:24
gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains a path traversal vulnerability exposed when runni...
CVE-2023-22491
- EPSS 0.26%
- Veröffentlicht 13.01.2023 19:15:12
- Zuletzt bearbeitet 11.03.2025 14:15:16
Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerabl...
CVE-2022-25863
- EPSS 0.71%
- Veröffentlicht 10.06.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:53:08
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization...