GHSA-9wf9-qvvp-2929

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-9wf9-qvvp-2929/GHSA-9wf9-qvvp-2929.json
Aliases
  • CVE-2023-1283
Published
2023-03-09T00:30:18Z
Modified
2023-03-14T21:34:18Z
Details

Code Injection in GitHub repository builderio/qwik prior to 0.21.0. The Function deserializer can be accessed using the pureServerFunction feature. This allows any Javascript code to be run by node.js.

References

Affected packages

npm / @builder.io/qwik

@builder.io/qwik

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
0.21.0

Affected versions