4 matches found
CVE-2023-1283
Code Injection in GitHub repository builderio/qwik prior to 0.21.0...
CVE-2023-1283
creationtimestamp| type| source ---|---|--- 2023-03-09 00:51:29+00:00| seen| https://t.me/cibsecurity/59699 2025-03-05 15:32:50+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6546...
cypress-ct-jordan-qwik (>=0.0.0-alpha-9 <=0.0.0-alpha-12), storybook-framework-qwik (=0.0.1) potentially affected by CVE-2023-1283 via @builder.io/qwik (>=0.15.2 <=0.18.1)
@builder.io/qwik NPM version =0.15.2, =0.0.0-alpha-9, =0.0.0-alpha-12 - storybook-framework-qwik =0.0.1 Source cves: CVE-2023-1283 Source advisory: OSV:GHSA-9WF9-QVVP-2929...
CVE-2023-1283
CVE-2023-1283 affects builderio/qwik versions prior to 0.21.0. The vulnerability arises from the deserializer exposed via the pureServerFunction feature, enabling an unauthenticated attacker to inject and run arbitrary JavaScript code (via a crafted request to /q-data.json). Impact is code execut...