nuclide@0.174.0 vulnerabilities

A unified developer experience for web and mobile development, built as a suite of features on top of Atom to provide hackability and the support of an active community.

  • latest version

    0.366.0

  • latest non vulnerable version

  • first published

    9 years ago

  • latest version published

    6 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the nuclide package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Arbitrary Code Execution

    nuclide is a collection of features for Atom to provide IDE-like functionality for a variety of programming languages and technologies.

    Affected versions of this package are vulnerable to Arbitrary Code Execution. The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution.

    How to fix Arbitrary Code Execution?

    Upgrade nuclide to version 0.290.0 or higher.

    <0.290.0