12 matches found
EUVD-2021-2402
Malware in sbrugna...
Cross-site Scripting in tempura
This affects the package tempura before 0.4.0. If the input to the esc function is of type object, i.e. an array, it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...
@lukeed/bongo (>=0.0.1 <=0.0.12), @novivia/build-module (>=0.3.0 <=0.5.3) +3 more potentially affected by CVE-2021-23784 via tempura (>=0.0.8 <=0.3.2)
tempura NPM version =0.0.8, =0.0.1, =0.3.0, =0.6.0, =0.0.1, =3.4.0, =4.12.3 Source cves: CVE-2021-23784 Source advisory: OSV:GHSA-W4V7-HWX7-9929...
GHSA-W4V7-HWX7-9929 Cross-site Scripting in tempura
This affects the package tempura before 0.4.0. If the input to the esc function is of type object, i.e. an array, it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...
Cross-Site Scripting (XSS)
tempura is vulnerable to cross-site scripting (XSS) attacks. An attacker is able to inject malicious object type inputs to the esc function resulting in a potential cross-site scripting vulnerability due to the lack of sanitization inside the function...
CVE-2021-23784
This affects the package tempura before 0.4.0. If the input to the esc function is of type object, i.e. an array, it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...
CVE-2021-23784
This affects the package tempura before 0.4.0. If the input to the esc function is of type object, i.e. an array, it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...
CVE-2021-23784
CVE-2021-23784 affects the tempura templating package prior to 0.4.0. The esc function does not escape/sanitize inputs when the value is of type object (e.g., an array), allowing unescaped content to be returned and potentially exploited as Cross-Site Scripting (XSS). The vulnerability impact is ...
CVE-2021-23784 Cross-site Scripting (XSS)
This affects the package tempura before 0.4.0. If the input to the esc function is of type object, i.e. an array, it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...
tempura cross-site scripting vulnerability
Tempura is a lightweight, open source templating engine from Luke Edwards, an individual developer in the United States. tempura has a security vulnerability that originates from an improperly designed or implemented code development process for a web-based system or product...
Cross-site Scripting (XSS)
Overview: tempura is a light, crispy, and delicious template engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). If the input to the esc function is of type object, i.e. an array, it is returned without being escaped/sanitized, leading to a potential Cross-Site...
@lukeed/bongo (>=0.0.1 <=0.0.12), @novivia/build-module (>=0.3.0 <=0.5.3) +3 more potentially affected by CVE-2021-23784 via tempura (>=0.0.8 <=0.3.2)
tempura NPM version =0.0.8, =0.0.1, =0.3.0, =0.6.0, =0.0.1, =3.4.0, =4.12.3 Source cves: CVE-2021-23784 Source advisory: SNYK:JS-TEMPURA-1569633...