@builder.io/qwik 1.5.7-dev20240622123731 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @builder.io/qwik package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) @builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the unsafe virtual node serialization. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious web scripts into server-rendered pages. How to fix Cross-site Scripting (XSS)? Upgrade `@builder.io/qwik` to version 1.19.0 or higher.	<1.19.0
C Uncaught Exception @builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Uncaught Exception via the `QRL` execution process when an invalid `qfunc` is sent and the server fails to handle the resulting error. An attacker can cause the server to crash and terminate unexpectedly by sending a specially crafted request. How to fix Uncaught Exception? Upgrade `@builder.io/qwik` to version 1.13.0 or higher.	<1.13.0
M Cross-site Scripting (XSS) @builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper HTML escaping in the server-side rendering process. An attacker can manipulate the DOM by injecting malicious scripts through crafted input that bypasses the escaping rules. How to fix Cross-site Scripting (XSS)? Upgrade `@builder.io/qwik` to version 1.7.3 or higher.	<1.7.3

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

@builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the unsafe virtual node serialization. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious web scripts into server-rendered pages.

How to fix Cross-site Scripting (XSS)?

Upgrade @builder.io/qwik to version 1.19.0 or higher.

<1.19.0

Uncaught Exception

@builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation.

Affected versions of this package are vulnerable to Uncaught Exception via the QRL execution process when an invalid qfunc is sent and the server fails to handle the resulting error. An attacker can cause the server to crash and terminate unexpectedly by sending a specially crafted request.

How to fix Uncaught Exception?

Upgrade @builder.io/qwik to version 1.13.0 or higher.

<1.13.0

Cross-site Scripting (XSS)

@builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper HTML escaping in the server-side rendering process. An attacker can manipulate the DOM by injecting malicious scripts through crafted input that bypasses the escaping rules.

How to fix Cross-site Scripting (XSS)?

Upgrade @builder.io/qwik to version 1.7.3 or higher.

<1.7.3

@builder.io/qwik@1.5.7-dev20240622123731 vulnerabilities

An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically