@builder.io/qwik-city

Qwik City Open Redirect via fixTrailingSlash

@builder.io/qwik-city Cross-Site Request Forgery vulnerability

Qwik City has a CSRF Protection Bypass via Content-Type Header Validation

Qwik City CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data)

Qwik City has array method pollution in FormData processing allows type confusion and DoS

Qwik SSR XSS via Unsafe Virtual Node Serialization

Prototype Pollution via FormData Processing in Qwik City