sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694.

Related CVEs

CVE-2017-8914

Key Information

GHSA ID

GHSA-9x55-q22x-jwxq

Published

May 13, 2022 1:47 AM

Last Modified

April 20, 2025 3:38 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 31, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.