EPSS
Percentile
39.5%
devalue is vulnerable to cross-site scripting attacks. The vulnerability exists due to lack of sanitized values in safeKey and safeProp which allows an attacker to inject and execute malicious javascript.
safeKey
safeProp
github.com/nuxt/devalue/commit/ecde7cf4a3981a39c7b6df62245c0cc408aeb70e
github.com/nuxt/devalue/pull/8
github.com/Rich-Harris/devalue/issues/19
www.npmjs.com/advisories/814