Mhevery

**Name of the Vulnerable Software and Affected Versions** builderio/qwik versions prior to 0.21.0 **Description** The issue concerns a code injection problem. The `deserializer` function can be accessed using the `pureServerFunction` feature, allowing any JavaScript code to be run by node.js. **Recommendations** For versions prior to 0.21.0, update to version 0.21.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `deserializer` function and the `pureServerFunction` feature until a patch is applied.