Qwik affected by unauthenticated RCE via server$ Deserialization

Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any deployment where require() is available at runtime. This vulnerability is fixed in 1.19.1.

N/A

可信数据的反序列化

Qwik 代码问题漏洞

Qwik是Qwik Dev开源的一款微型Web框架。 Qwik 1.19.0及之前版本存在代码问题漏洞，该漏洞源于server$ RPC机制存在不安全的反序列化，可能导致任何未经验证的用户通过单个HTTP请求在服务器上执行任意代码。

N/A

N/A