vant@2.13.5 vulnerabilities

Mobile UI Components built on Vue

latest version

4.9.21

latest non vulnerable version

4.9.21

first published

8 years ago

latest version published

4 months ago

licenses detected

MIT
>=0.0.1 <0.3.0; >=0.9.9

View vant package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the vant package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Embedded Malicious Code vant is a collection of UI components for Vue. Affected versions of this package are vulnerable to Embedded Malicious Code which is triggered through the `postinstall` script. The obfuscated malicious code in the file `lib/util/support.js` ran a Monero miner and has been removed since versions 2.13.6, 3.6.16 and 4.9.15. How to fix Embedded Malicious Code? Avoid using all malicious instances of the `vant` package.	>=2.13.3 <2.13.6>=3.6.13 <3.6.16>=4.9.11 <4.9.15

Embedded Malicious Code

vant is a collection of UI components for Vue.

Affected versions of this package are vulnerable to Embedded Malicious Code which is triggered through the postinstall script. The obfuscated malicious code in the file lib/util/support.js ran a Monero miner and has been removed since versions 2.13.6, 3.6.16 and 4.9.15.

How to fix Embedded Malicious Code?

Avoid using all malicious instances of the vant package.

>=2.13.3 <2.13.6>=3.6.13 <3.6.16>=4.9.11 <4.9.15

Go back to all versions of this package