rendr@1.0.5 vulnerabilities

Render your Backbone.js apps on the client and the server.

latest version

1.1.4
latest non vulnerable version

1.1.4
first published

11 years ago
latest version published

8 years ago
licenses detected
- MIT
  >=0
View rendr package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the rendr package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) `rendr` is your Backbone.js apps on the client and the server. Affected versions of the package are vulnerable to Cross-site Scripting (XSS). View options are automatically unescaped whenever they are rendered to the DOM, and rendr unescapes is as well. This may allow attackers to execute XSS attacks (e.g. when displaying escaped HTML in a `_block`). How to fix Cross-site Scripting (XSS)? Upgrade `rendr` to version 1.1.4 or higher.	>=0.4.0 <1.1.4
H Cross-site Scripting (XSS) Rendr-handlebars is a library that allows the handlebars templating engine to be used with Rendr framework projects. The templating can occur either on the client or the server. Versions up to 1.1.3 have a cross site scripting (XSS) issue when rendered inside a `_block` during client side rendering. Server side rendering is not affected and is properly escaped. Source: Node Security Project How to fix Cross-site Scripting (XSS)? Upgrade to `rendr-handlerbars` version `1.1.4`	<1.1.4

Cross-site Scripting (XSS)

rendr is your Backbone.js apps on the client and the server.

Affected versions of the package are vulnerable to Cross-site Scripting (XSS). View options are automatically unescaped whenever they are rendered to the DOM, and rendr unescapes is as well. This may allow attackers to execute XSS attacks (e.g. when displaying escaped HTML in a _block).

How to fix Cross-site Scripting (XSS)?

Upgrade rendr to version 1.1.4 or higher.

>=0.4.0 <1.1.4

Cross-site Scripting (XSS)

Rendr-handlebars is a library that allows the handlebars templating engine to be used with Rendr framework projects. The templating can occur either on the client or the server.

Versions up to 1.1.3 have a cross site scripting (XSS) issue when rendered inside a _block during client side rendering. Server side rendering is not affected and is properly escaped.

Source: Node Security Project

How to fix Cross-site Scripting (XSS)?

Upgrade to rendr-handlerbars version 1.1.4

<1.1.4

Go back to all versions of this package

rendr@1.0.5 vulnerabilities

Render your Backbone.js apps on the client and the server.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities