#nodejs

### Impact A **Cross-Site Request Forgery (CSRF)** vulnerability was identified in Apollo’s **Embedded Sandbox** and **Embedded Explorer**. The vulnerability arises from missing origin validation in the client-side code that handles `window.postMessage` events. A malicious website can send forged messages to the embedding page, causing the victim’s browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victim’s cookies. #### Who is impacted Anyone embedding [Apollo Sandbox](https://www.apollographql.com/docs/graphos/platform/sandbox#embedding-sandbox) or [Apollo Explorer](https://www.apollographql.com/docs/graphos/platform/explorer/embed) in their website may have been affected by this vulnerability. - Users who embed Apollo Sandbox or Apollo Explorer in their websites via npm packages (`@apollo/sandbox` and `@apollo/explorer`) or direct links to Apollo’s CDN. - Users running Apollo Router with [embedded Sandbox enabled]...

# Security Advisory: express-xss-sanitizer ## Overview A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. ## Affected Versions - All versions prior to 2.0.1 ## Patched Versions - 2.0.1 and later ## Description The sanitize function in lib/sanitize.js performed recursive sanitization without depth limiting, making it vulnerable to stack overflow attacks via specially crafted deeply nested JSON objects. ## Impact An attacker could cause denial-of-service by sending a request with deeply nested structures, potentially crashing the Node.js process. ## Solution Upgrade to version 2.0.1 or later: ```bash npm install express-xss-sanitizer@latest ```

/* ===== Container ===== */ .td-wrap {} /* ===== Section ===== */ .td-section { } .td-title { margin: 16px 0 4px; font-size: 32px; line-height: 1.2; font-weight: 800; } .td-subtitle { margin: 0 0 24px; color: #64748b; font-size: 16px; } /* ===== Timeline ===== */ .td-timeline { position: relative; margin: 0 !important;padding: 0!important; list-style: none; } /* spine */ .td-timeline:before {

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. ## Original Description Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.

The Mastra Docs MCP Server package `@mastra/mcp-docs-server` is a server designed to provide documentation context to AI agentic workflows, such as those used in AI-powered IDEs. **Resources:** * Package URL: [https://www.npmjs.com/package/@mastra/mcp-docs-server](https://www.npmjs.com/package/@mastra/mcp-docs-server) ----- ## Overview The `@mastra/mcp-docs-server` package in versions **0.13.18 and below** is vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file contents, but this check is effectively bypassed by subsequent logic that attempts to find directory suggestions. An attacker can leverage this flaw to list the contents of arbitrary directories on the user's filesystem, including the user's home directory, exposing sensitive information about the file system's structure. ----- ## Vulnerability The tool's code attempts to prevent path traversal with...

# Command Injection in adb-mcp MCP Server The MCP Server at https://github.com/srmorete/adb-mcp is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server is also published publicly to npm at www.npmjs.com/package/adb-mcp and allows users to install it. ## Vulnerable tool The MCP Server defines the function `executeAdbCommand()` which executes commands via string as a parameter and wraps the promise-based `exec` function. The MCP Server then exposes the tool `inspect_ui` which relies on Node.js child process API `exec` (through the function wrapper) to execute the Android debugging command (`adb`). Relying on `exec` is an unsafe and vulnerable API if concatenated with untrusted user input. Data flows from the tool definition [here](https://github.com/srmorete/adb-mcp/blob/master/src/index.ts#L334-L343) which takes in `args.device` and calls `execPromise()` in [this definiti...

When using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running `yarn --version`. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the user accepting the risks of working in an untrusted directory. Users running Yarn Classic were unaffected by this issue. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the latest version. Thank you to https://hackerone.com/michel_ for reporting this issue!

The Runtime components of messageformat package for Node.js prior to version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing of message data, an attacker can manipulate the prototype chain of JavaScript objects by providing specially crafted input. This can result in the injection of arbitrary properties into the Object.prototype, potentially leading to denial of service conditions or unexpected application behavior. The vulnerability allows attackers to alter the prototype of base objects, impacting all subsequent object instances throughout the application's lifecycle. This issue remains unaddressed in the latest available version.

The poisoned package, purporting to be a JavaScript utility, threatens the software supply chain with a highly obsfuscated credential stealer.

GitHub will address weak authentication and overly permissive tokens in the NPM ecosystem, following high-profile threat campaigns like those involving Shai-Hulud malware.