nuclide@0.109.0-beta1 vulnerabilities

A unified developer experience for web and mobile development, built as a suite of features on top of Atom to provide hackability and the support of an active community.

Direct Vulnerabilities

Known vulnerabilities in the nuclide package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Arbitrary Code Execution
Severity: H

nuclide is a collection of features for Atom to provide IDE-like functionality for a variety of programming languages and technologies.

Affected versions of this package are vulnerable to Arbitrary Code Execution. The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution.

How to fix Arbitrary Code Execution?

Upgrade nuclide to version 0.290.0 or higher.

Vulnerable versions: <0.290.0