zsa@0.2.1 vulnerabilities

`zsa` is a library for building typesafe server actions in Next.js. It provides a simple, scalable developer experience with features like validated inputs/outputs, procedures (middleware) for passing context to server actions, and React Query integration.

Direct Vulnerabilities

Known vulnerabilities in the zsa package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Generation of Error Message Containing Sensitive Information (severity: M)

Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to the error message generation process. An attacker can obtain sensitive server information, such as machine usernames and directory paths, by exploiting the transfer of parse error stacks from the server to the client in production build mode.
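
The leak described above, as an added illustration (not zsa's code and not part of this advisory): a constructed server-side parse error serialized with and without its stack, plus a check that a test suite could run on response bodies. The function names, the error shape and the sample paths are all assumptions made for the example.

```javascript
// Constructed sample: a server-side input-parse error. The stack text, paths
// and user name are made up for illustration.
function makeParseError() {
  const err = new Error("Invalid input");
  err.name = "ParseError";
  err.issues = [{ path: ["age"], message: "Expected number, received string" }];
  err.stack =
    "ParseError: Invalid input\n" +
    "    at parseInput (/home/builduser/shop/.next/server/chunks/212.js:41:13)\n" +
    "    at async handler (/home/builduser/shop/.next/server/app/page.js:88:9)";
  return err;
}

// Leaky shape: the whole error, stack included, goes into the response body.
function serializeLeaky(err) {
  return JSON.stringify({
    name: err.name, message: err.message, issues: err.issues, stack: err.stack,
  });
}

// Hardened shape: an allowlist of fields the client needs to show a form error.
function serializeSafe(err) {
  const issues = (err.issues || []).map((i) => ({
    path: i.path.map(String),
    message: String(i.message),
  }));
  return JSON.stringify({ code: "INPUT_PARSE_ERROR", message: "Invalid input", issues });
}

// Patterns run against the serialized (JSON) response text.
const LEAK_CHECKS = {
  stackField: /"stack"\s*:/,
  stackFrame: /\sat .+:\d+:\d+/,
  homePath: /\/home\/|\/Users\/|[A-Za-z]:\\+Users\\+/,
};

// Returns the names of the checks that matched; empty means nothing flagged.
function findLeaks(payload) {
  return Object.keys(LEAK_CHECKS).filter((k) => LEAK_CHECKS[k].test(payload));
}

console.log(findLeaks(serializeLeaky(makeParseError())));
console.log(findLeaks(serializeSafe(makeParseError())));
```

Running `findLeaks` over captured production responses in an integration test gives a regression check that stays valid after the upgrade.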

How to fix Generation of Error Message Containing Sensitive Information?

Upgrade zsa to version 0.3.3 or higher.

Vulnerable versions: <0.3.3