waku@1.0.0-alpha.9

⛩️ The minimal React framework

  • latest version

    1.0.0-beta.6

  • latest non vulnerable version

  • first published

    3 years ago

  • latest version published

    14 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the waku package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Open Redirect

    waku is a ⛩️ The minimal React framework

    Affected versions of this package are vulnerable to Open Redirect via the unstable_redirect function. An attacker can cause a user to be redirected to an arbitrary external domain by supplying crafted input that is reflected into the HTTP Location header without validation. This can enable phishing, credential theft, or other malicious actions if a victim clicks a specially crafted link.

    How to fix Open Redirect?

    Upgrade waku to version 1.0.0-beta.1 or higher.

    <1.0.0-beta.1
    • H
    Cross-site Request Forgery (CSRF)

    waku is a ⛩️ The minimal React framework

    Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the request process. An attacker can execute unauthorized server actions by sending cross-origin POST requests with CORS-safelisted content types, causing the victim's browser to perform state-changing operations with their credentials attached. This is only exploitable if the application exposes server actions via 'use server' and the request is made to the RSC dispatch endpoint without an Origin validation step.

    How to fix Cross-site Request Forgery (CSRF)?

    Upgrade waku to version 1.0.0-beta.1 or higher.

    <1.0.0-beta.1