Shopify/quilt

Releases7.77K

Frequency9 hours

Last Release over 1 year ago

Stars1.68K

[⚠️ Deprecated] A loosely related set of packages for JavaScript/TypeScript projects at Shopify

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-8176 ↗	Jul 2, 2020Thursday, 2 July 2020, 19:15	6.1 MEDIUM	4.3 MEDIUM
A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.