12 matches found
CVE-2025-29705
code-gen =2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects...
CVE-2025-29705
code-gen =2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects...
CVE-2025-29705
code-gen =2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects...
CVE-2025-29705
code-gen =2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects...
PT-2025-16373 · Code-Gen · Code-Gen
Name of the Vulnerable Software and Affected Versions: code-gen versions 2.0.6 and earlier Description: The issue is related to Incorrect Access Control, where the project lacks permission control, allowing anyone to access such projects. Recommendations: For code-gen versions 2.0.6 and earlier,...
Security Bulletin: A security vulnerability in Node.js pug and pug-code-gen module affects IBM Cloud Pak for Multicloud Management Managed Service.
Summary A security vulnerability in Node.js pug and pug-code-gen module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-21353 DESCRIPTION: Node.js pug and pug-code-gen could allow a remote attacker to execute arbitrary code on the system,...
Remote Code Execution (RCE)
pug-code-gen is vulnerable to remote code execution RCE. The vulnerability exists as the allowed values of the pretty option of the pug compiler are overly permissive...
Remote Code Execution
Overview Impact In affected versions of pug and pug-code-gen, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remot...
CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
Remote code execution
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
Remote Code Execution
Overview Impact In affected versions of pug and pug-code-gen, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remot...
PT-2021-3172 · Unknown +1 · Pug-Code-Gen +1
Name of the Vulnerable Software and Affected Versions: pug versions prior to 3.0.1 pug-code-gen versions prior to 2.0.3 Description: The issue is related to the insufficient neutralization of special elements in the output of the Pug HTML preprocessor, specifically in the VisitMixin and...