CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
40.4%
It is possible to inject and run code within the template if the attacker has access to write the template name.
const { template } = require('@blakeembrey/template');
template("Hello {{name}}!", "exploit() {} && ((()=>{ console.log('success'); })()) && function pwned");
Upgrade to 1.2.0.
Don’t pass untrusted input as the template display name, or don’t use the display name feature.
Fixed by removing in https://github.com/blakeembrey/js-template/commit/b8d9aa999e464816c6cfb14acd1ad0f5d1e335aa.
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
40.4%