Cross-Site Scripting in @nuxt/devalue

2019-07-16T00:42:02
ID GHSA-6677-83PP-F862
Type github
Reporter GitHub Advisory Database
Modified 2020-08-31T18:36:47

Description

Versions of @nuxt/devalue prior to 1.2.3 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization attacker may inject arbitrary JavaScript code through object keys.

Recommendation

Upgrade to version 1.2.3 or later.