Upgrade serialize-javascript dependency to fix high severity vulnerability #11591

Closed
zgmrvn-svg opened this issue Aug 13, 2020 · 2 comments

zgmrvn-svg commented Aug 13, 2020

Version

2.6.11

Reproduction link

https://www.npmjs.com/advisories/1548

Steps to reproduce

vue-server-renderer uses the serialize-javascript package that, prior to its v3.1.0, has a code execution vulnerability. This vulnerability affects other projects that make use of Vue's SSR feature like Nuxt and Gridsome.

NPM report https://www.npmjs.com/advisories/1548

PR #11589

What is expected?

Upgrade serialize-javascript dependency to 3.1.0 or 4.0.0

What is actually happening?

Projects based on Vue are potentially suffering from a code injection/execution vulnerability and won't pass yarn audit
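
An added example, not part of the original issue or of Vue's code: a dependency check that reports every installed copy of serialize-javascript older than 3.1.0, the first fixed release named above. It assumes an npm `package-lock.json` that has already been parsed into an object; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag serialize-javascript versions below 3.1.0 in a parsed package-lock.json.
const FIXED = [3, 1, 0]; // first fixed release named in the issue above

// Compare the numeric "x.y.z" part of a version against FIXED.
function isBelowFixed(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) return true; // unparseable version: report it for manual review
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  return false;
}

// lockfileVersion 2/3 lists every install path under "packages";
// lockfileVersion 1 nests copies under "dependencies".
function findVulnerable(lock, name = 'serialize-javascript') {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + name) && isBelowFixed(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail.concat(dep);
      if (dep === name && isBelowFixed(meta.version)) {
        hits.push({ path: here.join(' > '), version: meta.version });
      }
      walk(meta.dependencies, here); // nested copies pinned by a parent package
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample (lockfileVersion 1 layout); versions are illustrative.
const sampleLock = {
  dependencies: {
    'vue-server-renderer': {
      version: '2.6.11',
      dependencies: { 'serialize-javascript': { version: '2.1.2' } },
    },
    'serialize-javascript': { version: '4.0.0' },
  },
};
console.log(findVulnerable(sampleLock));
```

Walking nested entries matters here because a top-level upgrade to a fixed version does not replace a copy that a dependency such as vue-server-renderer still pins underneath itself.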

Member

posva commented Aug 13, 2020

Please don't open an issue if there is already a PR and search existing issues before opening one

posva closed this as completed Aug 13, 2020

Author

zgmrvn-svg commented Aug 13, 2020

Yep, sorry. For people landing here: #11434
