event-source-polyfill@1.0.28 vulnerabilities
A polyfill for http://www.w3.org/TR/eventsource/
-
latest version
1.0.31
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
2 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the event-source-polyfill package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
event-source-polyfill is an A polyfill for http://www.w3.org/TR/eventsource/ Affected versions of this package are vulnerable to Undesired Behavior. This package geo-locates users based on their IP address and if the user is Russia-based prints a political protest message in the browser 15 seconds after the package is loaded. The package then tries to redirect the browser into another website via the Note: This issue affects versions starting with 1.0.26, previous versions other than 1.0.26 are not affected. How to fix Undesired Behavior? Upgrade |
>=1.0.26 <1.0.29
|