87 matches found
Remote Code Execution (RCE)
pug-code-gen is vulnerable to remote code execution RCE. The vulnerability exists as the allowed values of the pretty option of the pug compiler are overly permissive...
Remote Code Execution
Overview Impact In affected versions of pug and pug-code-gen, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remot...
CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
Remote code execution
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
Remote Code Execution
Overview Impact In affected versions of pug and pug-code-gen, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remot...
Remote code execution via the `pretty` option.
Impact If a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. Patches Upgrad...
pug (=3.0.1-canary-5) potentially affected by CVE-2021-21353 via pug-code-gen (=3.0.2-canary-5)
pug-code-gen NPM version =3.0.2-canary-5 is affected by a known vulnerability. The following packages have a transitive dependency on pug-code-gen and may be impacted: - pug =3.0.1-canary-5 Source cves: CVE-2021-21353 Source advisory: OSV:GHSA-P493-635Q-R6GR...
1-of (>=1.0.0 <=1.0.1), 20ful (>=0.1.0 <=0.2.7) +3498 more potentially affected by CVE-2021-21353 via pug (>=0.1.0 <=3.0.0)
pug NPM version =0.1.0, =1.0.0, =0.1.0, =0.7.41, =0.1.0-beta.1, =0.1.3, =1.0.0, =0.0.1, =0.2.0, =1.0.0, =1.0.0, =1.0.0, =0.1.2, =1.0.0, =1.0.7 and more Source cves: CVE-2021-21353 Source advisory: OSV:GHSA-P493-635Q-R6GR...
GHSA-P493-635Q-R6GR Remote code execution via the `pretty` option.
Impact If a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. Patches Upgrad...
@3kmfi6hp/nodejs-proxy (>=1.0.0 <=1.0.4), @aarhus-university/au-designsystem-delphinus (>=1.0.0 <=1.2.0) +342 more potentially affected by CVE-2021-21353 via pug-code-gen (>=0.0.0 <=1.1.1)
pug-code-gen NPM version =0.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =0.2.0, =0.0.1, =0.0.2, =0.8.10, =0.0.9, =1.0.0, =2.1.1-alpha.1 and more Source cves: CVE-2021-21353 Source advisory: OSV:GHSA-P493-635Q-R6GR...
CVE-2021-21353 Remote code execution in pug
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
CVE-2021-21353
CVE-2021-21353 affects the Pug template engine before v3.0.1. If an attacker controls the pretty option via untrusted input (e.g., query params passed into template inputs), remote code execution on the Node.js backend was possible. The issue is fixed in v3.0.1; pug-code-gen has a backport fix in...
Pug 注入漏洞
Pug is Pug open source an application . Provides ways to optimize html. Pug has an injection vulnerability that can be exploited by an attacker to compile the pretty option of the compiler...
PT-2021-3172 · Unknown +1 · Pug-Code-Gen +1
Name of the Vulnerable Software and Affected Versions: pug versions prior to 3.0.1 pug-code-gen versions prior to 2.0.3 Description: The issue is related to the insufficient neutralization of special elements in the output of the Pug HTML preprocessor, specifically in the VisitMixin and...
WordPress Social Pug Plugin < 1.2.6 XSS Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress Social Pug - Easy Social Share Buttons Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up personal blog site.Social Pug-Easy Social Share Buttons Plugin is used in one of the social platform sharing plugin. A cross-site scriptin...
CVE-2016-10736
The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpspmessageclass parameter...
Design/Logic Flaw
The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpspmessageclass parameter...
CVE-2016-10736
The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpspmessageclass parameter...