@builder.io/qwik@0.14.1 vulnerabilities
An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation.
-
latest version
1.11.0
-
latest non vulnerable version
-
first published
3 years ago
-
latest version published
38 minutes ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @builder.io/qwik package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper HTML escaping in the server-side rendering process. An attacker can manipulate the DOM by injecting malicious scripts through crafted input that bypasses the escaping rules. How to fix Cross-site Scripting (XSS)? Upgrade |
<1.7.3
|
@builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The How to fix Deserialization of Untrusted Data? Upgrade |
<0.21.0
|
@builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to attribute names and the class attribute values not being properly handled. How to fix Cross-site Scripting (XSS)? Upgrade |
<0.16.2
|