event-source-polyfill@1.0.28 vulnerabilities

A polyfill for http://www.w3.org/TR/eventsource/

Direct Vulnerabilities

Known vulnerabilities in the event-source-polyfill package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Undesired Behavior

event-source-polyfill is a polyfill for http://www.w3.org/TR/eventsource/

Affected versions of this package are vulnerable to Undesired Behavior. This package geo-locates users based on their IP address and, if the user is Russia-based, prints a political protest message in the browser 15 seconds after the package is loaded. The package then tries to redirect the browser to another website via the windows.call command.

Note: This issue affects versions starting with 1.0.26; earlier versions are not affected.

How to fix Undesired Behavior?

Upgrade event-source-polyfill to version 1.0.29 or higher.

Vulnerable versions: >=1.0.26 <1.0.29