vuetify 2.4.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the vuetify package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `title-date-format` property in the VDatePicker component. An attacker can execute arbitrary scripts in the context of the user's browser by supplying a crafted function that outputs unsanitized HTML, which is then assigned to the `innerHTML` property of the title element. How to fix Cross-site Scripting (XSS)? Upgrade `vuetify` to version 3.0.0 or higher.	>=2.0.0 <3.0.0
H Prototype Pollution vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Prototype Pollution via the `mergeDeep` function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript objects by supplying a specially-crafted preset, potentially impacting application behavior, exhausting resources, or enabling unauthorized data access. Note: If Server-Side Rendering (SSR) is used, the entire server process may be affected. How to fix Prototype Pollution? Upgrade `vuetify` to version 3.0.0-alpha.10 or higher.	>=2.2.0-beta.2 <3.0.0-alpha.10
L Cross-site Scripting (XSS) vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper neutralization of input in the `eventMoreText` property of the `VCalendar` component. An attacker can execute arbitrary script code in the context of the user's browser session by inserting malicious HTML or JavaScript code into this property. How to fix Cross-site Scripting (XSS)? Upgrade `vuetify` to version 3.0.0 or higher.	>=2.0.0 <3.0.0
M Cross-site Scripting (XSS) vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the `VCalendar` component. How to fix Cross-site Scripting (XSS)? Upgrade `vuetify` to version 2.6.10 or higher.	>=2.0.0-beta.4 <2.6.10

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

vuetify is an a Material Design component framework for Vue.js.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the title-date-format property in the VDatePicker component. An attacker can execute arbitrary scripts in the context of the user's browser by supplying a crafted function that outputs unsanitized HTML, which is then assigned to the innerHTML property of the title element.

How to fix Cross-site Scripting (XSS)?

Upgrade vuetify to version 3.0.0 or higher.

>=2.0.0 <3.0.0

Prototype Pollution

vuetify is an a Material Design component framework for Vue.js.

Affected versions of this package are vulnerable to Prototype Pollution via the mergeDeep function used to merge preset options with defaults. An attacker can inject arbitrary properties into all JavaScript objects by supplying a specially-crafted preset, potentially impacting application behavior, exhausting resources, or enabling unauthorized data access.

Note: If Server-Side Rendering (SSR) is used, the entire server process may be affected.

How to fix Prototype Pollution?

Upgrade vuetify to version 3.0.0-alpha.10 or higher.

>=2.2.0-beta.2 <3.0.0-alpha.10

Cross-site Scripting (XSS)

vuetify is an a Material Design component framework for Vue.js.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper neutralization of input in the eventMoreText property of the VCalendar component. An attacker can execute arbitrary script code in the context of the user's browser session by inserting malicious HTML or JavaScript code into this property.

How to fix Cross-site Scripting (XSS)?

Upgrade vuetify to version 3.0.0 or higher.

>=2.0.0 <3.0.0

Cross-site Scripting (XSS)

vuetify is an a Material Design component framework for Vue.js.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.

How to fix Cross-site Scripting (XSS)?

Upgrade vuetify to version 2.6.10 or higher.

>=2.0.0-beta.4 <2.6.10

vuetify@2.4.2 vulnerabilities

Vue Material Component Framework

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically