3.4.4
6 years ago
10 days ago
Known vulnerabilities in the @vendure/core package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for freeVulnerability | Vulnerable Version |
---|---|
@vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to Improper Input Validation through the How to fix Improper Input Validation? Upgrade | <2.1.3 |
@vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) such that by default the How to fix Cross-site Request Forgery (CSRF)? Upgrade | <2.0.3 |
@vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to Cross-site Scripting (XSS) as a result of an uploaded SVG file to the “Assets” tab by an attacker that has catalog permissions, which contains malicious code. How to fix Cross-site Scripting (XSS)? Upgrade | <1.5.2 |