zsa@0.2.1 vulnerabilities

`zsa` is a library for building typesafe server actions in Next.js. It provides a simple, scalable developer experience with features like validated inputs/outputs, procedures (middleware) for passing context to server actions, and React Query integration.

  • latest version

    0.6.0

  • latest non vulnerable version

  • first published

    1 year ago

  • latest version published

    10 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the zsa package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Generation of Error Message Containing Sensitive Information

    zsa is a library for building typesafe server actions in Next.js. It provides a simple, scalable developer experience with features like validated inputs/outputs, procedures (middleware) for passing context to server actions, and React Query integration.

    Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the error message generation process. An attacker can obtain sensitive server information, such as machine usernames and directory paths, by exploiting the transfer of parse error stacks from the server to the client in production build mode.

    How to fix Generation of Error Message Containing Sensitive Information?

    Upgrade zsa to version 0.3.3 or higher.

    <0.3.3