<p>Upgrade <code>styled-components</code> to version 5.3.7 or higher.</p>

Undesired Behavior Affecting styled-components package, versions >=5.3.5 <5.3.7

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JS-STYLEDCOMPONENTS-3149924
published 28 Nov 2022
disclosed 28 Nov 2022
credit albertwangnz

Report a new vulnerability Found a mistake?

Introduced: 28 Nov 2022

CWE-438 Open this link in a new tab

How to fix?

Upgrade styled-components to version 5.3.7 or higher.

Overview

Affected versions of this package are vulnerable to Undesired Behavior via the postinstall.js file which looks for users using a ru time-zone to show a political protest message using the console.warn() function. Also, the absence of this file in the 5.3.4 version causes a crash when the package is installed.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

High
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

Low
Availability (A)

Low

Undesired Behavior Affecting styled-components package, versions >=5.3.5 <5.3.7

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 28 Nov 2022

How to fix?

Overview

References

CVSS Scores

Snyk