Skip to main content

Gatsby

4 CVEs framework

Monthly

CVE-2023-34238 npm MEDIUM POC PATCH This Month

Gatsby is a free and open source framework based on React. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Gatsby
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-30548 npm MEDIUM POC PATCH This Month

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Gatsby
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-22491 npm MEDIUM POC PATCH This Month

Gatsby is a free and open source framework based on React that helps developers build websites and apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Code Injection Gatsby
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-25863 npm CRITICAL POC PATCH Act Now

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Gatsby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Gatsby is a free and open source framework based on React. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Gatsby
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Gatsby
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Gatsby is a free and open source framework based on React that helps developers build websites and apps. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Code Injection Gatsby
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Deserialization Gatsby
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy