Vue: Arbitrary Code Injection In "serialize-javascript" For "vue-server-renderer"

Created on 2 Jun 2020  路  5Comments  路  Source: vuejs/vue

Version

2.6.11

Reproduction link

https://app.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062

Steps to reproduce

n/a

What is expected?

Remediation
Upgrade serialize-javascript to version 3.1.0 or higher.

What is actually happening?

n/a

picture dargmuesli

Most helpful comment

I see, thanks, now it makes more sense. I opened #11434
It wasn't clear from such a short robotic issue with so many n/a 馃槃

picture posva on 3 Jun 2020
🚀1 👍1

All 5 comments

Thanks but this Is a dev dependency

posva picture posva on 2 Jun 2020
👎1

It's listed under dependencies though: https://github.com/vuejs/vue/blob/fb589e6f9bc7db56a508f8f610ce321377bf0a6f/packages/vue-server-renderer/package.json#L28 馃

dargmuesli picture dargmuesli on 3 Jun 2020

I'm not talking about vue, I'm talking about vue-server-renderer^^

dargmuesli picture dargmuesli on 3 Jun 2020

I see, thanks, now it makes more sense. I opened #11434
It wasn't clear from such a short robotic issue with so many n/a 馃槃

posva picture posva on 3 Jun 2020
🚀1 👍1

I thought the title was large enough, sorry 馃槃

dargmuesli picture dargmuesli on 3 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

franciscolourenco picture franciscolourenco  路  3Comments
julianxhokaxhiu picture julianxhokaxhiu  路  3Comments
loki0609 picture loki0609  路  3Comments
paceband picture paceband  路  3Comments
Jokcy picture Jokcy  路  3Comments