Lucene search
Veracode Vulnerability DatabaseVERACODE:39797HistoryMar 16, 2023 - 1:18 p.m.
Code Injection
2023-03-1613:18:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
qwik
code injection
purefunctionserializer
serializers.ts
javascript
server
EPSS
0.003
Percentile
71.7%
@builder.io/qwik, is vulnerable to Code Injection. The vulnerability is caused by the PureFunctionSerializer function in serializers.ts due to a lack of sanitization when deserializing data types, which allows an attacker to inject and execute malicious JavaScript into the server.
References
gist.github.com/OhB00/1969229a0d1d87f70f06e79bf1816ca6
github.com/advisories/GHSA-9wf9-qvvp-2929
github.com/builderio/qwik/commit/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66
github.com/BuilderIO/qwik/pull/3249
github.com/BuilderIO/qwik/pull/3249/commits/4d9ba6e098ae6e537aa55abb6b8369bb670ffe66
huntr.dev/bounties/63f1ff91-48f3-4886-a179-103f1ddd8ff8
Related
osv
osv
builderio/qwik is vulnerable to code injection
2023-03-09 00:30:18
CVE-2023-1283
2023-03-08 22:15:09
prion
prion
Code injection
2023-03-08 22:15:00
huntr
huntr
RCE using bad deserialization
2023-03-03 16:55:51
cve
cve
CVE-2023-1283
2023-03-08 22:15:09
github
github
builderio/qwik is vulnerable to code injection
2023-03-09 00:30:18
cvelist
cvelist
CVE-2023-1283 Code Injection in builderio/qwik
2023-03-08 00:00:00
nvd
nvd
CVE-2023-1283
2023-03-08 22:15:09