Homepage

swiper@6.4.0

Most modern mobile touch slider and framework with hardware accelerated transitions

  • latest version

    12.2.0

  • latest non vulnerable version

    12.2.0

  • first published

    11 years ago

  • latest version published

    11 days ago

  • licenses detected

    • MIT
      >=0.9.0-beta.12 <2.7.0; >=3.0.0
  • View swiper package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the swiper package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Prototype Pollution

    swiper is a Most modern mobile touch slider and framework with hardware accelerated transitions

    Affected versions of this package are vulnerable to Prototype Pollution via the swiper.default.extendDefaults() function due to the recursively calling of extend() function in the source files src/angular/src/utils/utils.ts, src/react/utils.js, src/svelte/utils.js, src/vue/utils.js and src/utils/utils.js. This vulnerability allows modification of the Object prototype. If an attacker can control part of the structure passed to this function, they could add or modify an existing property.

    How to fix Prototype Pollution?

    Upgrade swiper to version 6.5.1 or higher.

    <6.5.1
    Go back to all versions of this package