Описание
Qwik vulnerable to Unauthenticated RCE via server$ Deserialization
Summary
qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require() is available at runtime.
Impact
- Remote Code Execution
Пакеты
@builder.io/qwik
<= 1.19.0
1.19.1
Связанные уязвимости
Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require() is available at runtime. This vulnerability is fixed in 1.19.1.
Qwik is a performance focused javascript framework. qwik <=1.19.0 is v ...