org.webjars.npm:svelte@3.42.4 vulnerabilities
-
latest version
4.2.19
-
latest non vulnerable version
-
first published
4 years ago
-
latest version published
18 days ago
-
licenses detected
- [3.20.1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.webjars.npm:svelte package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to a mismatch between attribute value and other string sanitization rules. An attacker can execute scripts by injecting malicious content into an attribute in a How to fix Cross-site Scripting (XSS)? Upgrade |
[,4.2.19)
|
org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering).
Exploiting this vulnerability is possible via objects with a custom How to fix Cross-site Scripting (XSS)? Upgrade |
[,3.49.0)
|
org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when objects are rendered directly to attribute values as unescaped strings. This means an object with a custom How to fix Cross-site Scripting (XSS)? Upgrade |
[,3.55.1)
|