Skip to content

Vulnerability on vue-server-renderer #10930

New issue
New issue
Closed
Closed
Vulnerability on vue-server-renderer#10930
Labels
feat:ssrimprovement
@Berkmann18

Description

@Berkmann18
Berkmann18
opened on Dec 13, 2019

Version

2.6.10

Reproduction link

https://github.com/meditatingdragon/starter-gridsome-vuetify

Steps to reproduce

Have gridsome as a dependency (or whatever depends on vue-server-renderer) and observe GitHub and Snyk.

What is expected?

No vulnerabilities

What is actually happening?

XSS vulnerability caused by an outdated version of serialize-javascript (i.e. older than v2.1.1).

I tried highlighting this issue in the discord server but it didn't seem that people cared.
https://npmjs.com/advisories/1426

Metadata

Metadata

Assignees

No one assigned

    Labels

    feat:ssrimprovement

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions