3.1.0
5 years ago
11 days ago
Known vulnerabilities in the @vendure/core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
@vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to Improper Input Validation through the How to fix Improper Input Validation? Upgrade | <2.1.3 |
@vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) such that by default the How to fix Cross-site Request Forgery (CSRF)? Upgrade | <2.0.3 |
@vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to Cross-site Scripting (XSS) as a result of an uploaded SVG file to the “Assets” tab by an attacker that has catalog permissions, which contains malicious code. How to fix Cross-site Scripting (XSS)? Upgrade | <1.5.2 |