rendr@0.4.0 vulnerabilities
Render your Backbone.js apps on the client and the server.
-
latest version
1.1.4
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
9 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the rendr package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Affected versions of the package are vulnerable to Cross-site Scripting (XSS).
View options are automatically unescaped whenever they are rendered to the DOM, and rendr unescapes is as well. This may allow attackers to execute XSS attacks (e.g. when displaying escaped HTML in a How to fix Cross-site Scripting (XSS)? Upgrade |
>=0.4.0 <1.1.4
|
Affected versions of the package are vulnerable to Cross-site Scripting (XSS). How to fix Cross-site Scripting (XSS)? Upgrade |
<0.5.0-rc1
|
Affected versions of the package do not sanitize the key value in the server router and are vulnerable to Cross-site Scripting (XSS) attacks. How to fix Cross-site Scripting (XSS)? Upgrade |
<0.4.8-2
|
Rendr-handlebars is a library that allows the handlebars templating engine to be used with Rendr framework projects. The templating can occur either on the client or the server. Versions up to 1.1.3 have a cross site scripting (XSS) issue when rendered inside a Source: Node Security Project How to fix Cross-site Scripting (XSS)? Upgrade to |
<1.1.4
|