7 matches found
@lukeed/bongo (>=0.0.1 <=0.0.12), @novivia/build-module (>=0.3.0 <=0.5.3) +3 more potentially affected by CVE-2021-23784 via tempura (>=0.0.8 <=0.3.2)
tempura NPM version =0.0.8, =0.0.1, =0.3.0, =0.6.0, =0.0.1, =3.4.0, =4.12.3 Source cves: CVE-2021-23784 Source advisory: OSV:GHSA-W4V7-HWX7-9929...
CVE-2021-23784
creationtimestamp| type| source ---|---|--- 2021-11-03 21:23:31+00:00| seen| https://t.me/cibsecurity/31768...
CVE-2021-23784
This affects the package tempura before 0.4.0. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...
CVE-2021-23784
This affects the package tempura before 0.4.0. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...
CVE-2021-23784
CVE-2021-23784 affects the tempura templating package prior to 0.4.0. The esc function does not escape/sanitize inputs when the value is of type object (e.g., an array), allowing unescaped content to be returned and potentially exploited as Cross-Site Scripting (XSS). The vulnerability impact is ...
CVE-2021-23784 Cross-site Scripting (XSS)
This affects the package tempura before 0.4.0. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...
@lukeed/bongo (>=0.0.1 <=0.0.12), @novivia/build-module (>=0.3.0 <=0.5.3) +3 more potentially affected by CVE-2021-23784 via tempura (>=0.0.8 <=0.3.2)
tempura NPM version =0.0.8, =0.0.1, =0.3.0, =0.6.0, =0.0.1, =3.4.0, =4.12.3 Source cves: CVE-2021-23784 Source advisory: SNYK:JS-TEMPURA-1569633...