Browse all 3 CVE security advisories affecting udecode. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Udecode is a decoding utility primarily used for handling various encoded data formats in web applications and security testing. Historically, it has been associated with multiple remote code execution vulnerabilities due to unsafe handling of user input, particularly in its parsing functions. Cross-site scripting (XSS) vulnerabilities have also been prevalent, often stemming from improper output encoding. The tool has demonstrated privilege escalation risks in certain configurations where it processes untrusted data. While no major public security incidents have been widely documented, its three CVEs highlight consistent issues with input validation and secure coding practices, making it a potential attack vector when deployed in environments handling untrusted encoded content.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-47061 | Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs | plate | CWE-79 | 8.3 | High | 2024-09-20 |
| CVE-2024-40631 | Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media | plate | CWE-79 | 8.1 | High | 2024-07-15 |
| CVE-2023-34245 | Cross site scripting (XSS) in @udecode/plate-link | plate | CWE-79 | 8.1 | High | 2023-06-09 |
This page lists every published CVE security advisory associated with udecode. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.