Описание
Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require() is available at runtime. This vulnerability is fixed in 1.19.1.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.19.1 (исключая)
cpe:2.3:a:qwik:qwik:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 96%
0.23118
Средний
9.8 Critical
CVSS3
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 9.8
debian
27 дней назад
Qwik is a performance focused javascript framework. qwik <=1.19.0 is v ...
github
28 дней назад
Qwik vulnerable to Unauthenticated RCE via server$ Deserialization
EPSS
Процентиль: 96%
0.23118
Средний
9.8 Critical
CVSS3
Дефекты
CWE-502