You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
vue-server-renderer uses the serialize-javascrit package that, pior to its v3.1.0 has a code execution vulnerability. This vulnerability affects other projects that make use of Vue's SSR feature like Nuxt and Gridsome.
Version
2.6.11
Reproduction link
https://www.npmjs.com/advisories/1548
Steps to reproduce
vue-server-renderer uses the serialize-javascrit package that, pior to its v3.1.0 has a code execution vulnerability. This vulnerability affects other projects that make use of Vue's SSR feature like Nuxt and Gridsome.
NPM report https://www.npmjs.com/advisories/1548
PR #11589
What is expected?
Upgrade serialize-javascript dependency to 3.1.0 or 4.0.0
What is actually happening?
Projects based on Vue are potentially suffuring from a code injection/execution vulnerability and won't pass yarn audit
The text was updated successfully, but these errors were encountered: