vxe-table@3.1.1-beta.0 vulnerabilities

一个基于 vue 的 PC 端表格组件，支持增删改查、虚拟树、拖拽排序，懒加载、快捷菜单、数据校验、树形结构、打印、导入导出、自定义模板、渲染器、JSON 配置式...

latest version

4.10.15

first published

5 years ago

latest version published

3 days ago

licenses detected

MIT
>=0

View vxe-table package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the vxe-table package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Prototype Pollution vxe-table is an A PC form/table component based on Vue , supporting add, delete, modify, query, virtual tree, drag and drop sorting, lazy loading, shortcut menu, data validation, import/export/print, form rendering, custom templates, renderer, JSON configuration. Affected versions of this package are vulnerable to Prototype Pollution via the `lib.install` and `lib.setup` functions. An attacker can cause system unavailability by supplying a crafted payload with `Object.prototype` setter. How to fix Prototype Pollution? There is no fixed version for `vxe-table`.	*
L Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vxe-table is an A PC form/table component based on Vue , supporting add, delete, modify, query, virtual tree, drag and drop sorting, lazy loading, shortcut menu, data validation, import/export/print, form rendering, custom templates, renderer, JSON configuration. Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the `export` function. An attacker can inject malicious scripts by manipulating the `inputValue` argument. How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')? Upgrade `vxe-table` to version 3.8.5 or higher.	<3.8.5

Prototype Pollution

vxe-table is an A PC form/table component based on Vue , supporting add, delete, modify, query, virtual tree, drag and drop sorting, lazy loading, shortcut menu, data validation, import/export/print, form rendering, custom templates, renderer, JSON configuration.

Affected versions of this package are vulnerable to Prototype Pollution via the lib.install and lib.setup functions. An attacker can cause system unavailability by supplying a crafted payload with Object.prototype setter.

How to fix Prototype Pollution?

There is no fixed version for vxe-table.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the export function. An attacker can inject malicious scripts by manipulating the inputValue argument.

How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

Upgrade vxe-table to version 3.8.5 or higher.

<3.8.5

Go back to all versions of this package