Storybook
Injection vulnerability in Storybook frontend workshop before 7.6.23 allows injecting malicious content through component stories. Patch available.
Information disclosure in Storybook for Node.js, versions 7.0.0 through 10.1.9, exposes environment variables from `.env` files when using the `storybook build` command. Unpatched projects building Storybook in directories containing `.env` files risk bundling sensitive credentials into publicly viewable artifacts. Unauthenticated attackers accessing published Storybook bundles can extract secrets from the bundled source code. Runtime dev mode, CI builds using platform environment variables, and co-located applications remain unaffected. No public exploit identified at time of analysis.