Published: Fri 21 Feb 2025
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has been addressed in version 1.9.4 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Note: This product uses data from the NVD API but is not endorsed or certified by the NVD.
Stay informed with product updates and security tips delivered to your inbox; no spam.
