org.webjars.npm:vxe-table 3.3.9 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.webjars.npm:vxe-table package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Prototype Pollution org.webjars.npm:vxe-table is an A PC form/table component based on Vue , supporting add, delete, modify, query, virtual tree, drag and drop sorting, lazy loading, shortcut menu, data validation, import/export/print, form rendering, custom templates, renderer, JSON configuration. Affected versions of this package are vulnerable to Prototype Pollution via the `lib.install` and `lib.setup` functions. An attacker can cause system unavailability by supplying a crafted payload with `Object.prototype` setter. How to fix Prototype Pollution? There is no fixed version for `org.webjars.npm:vxe-table`.	[0,)
L Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') org.webjars.npm:vxe-table is an A PC form/table component based on Vue , supporting add, delete, modify, query, virtual tree, drag and drop sorting, lazy loading, shortcut menu, data validation, import/export/print, form rendering, custom templates, renderer, JSON configuration. Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the `export` function. An attacker can inject malicious scripts by manipulating the `inputValue` argument. How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')? A fix was pushed into the `master` branch but not yet published.	[0,)

Vulnerability

Vulnerable Version

Prototype Pollution

org.webjars.npm:vxe-table is an A PC form/table component based on Vue , supporting add, delete, modify, query, virtual tree, drag and drop sorting, lazy loading, shortcut menu, data validation, import/export/print, form rendering, custom templates, renderer, JSON configuration.

Affected versions of this package are vulnerable to Prototype Pollution via the lib.install and lib.setup functions. An attacker can cause system unavailability by supplying a crafted payload with Object.prototype setter.

How to fix Prototype Pollution?

There is no fixed version for org.webjars.npm:vxe-table.

[0,)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the export function. An attacker can inject malicious scripts by manipulating the inputValue argument.

How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

A fix was pushed into the master branch but not yet published.

[0,)

org.webjars.npm:vxe-table@3.3.9 vulnerabilities

latest version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?