6 matches found
CVE-2021-21353
creationtimestamp| type| source ---|---|--- 2025-03-31 21:02:06+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3llpaxs4utj2p 2025-04-16 22:57:50+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12168...
Security Bulletin: A security vulnerability in Node.js pug and pug-code-gen module affects IBM Cloud Pak for Multicloud Management Managed Service.
Summary A security vulnerability in Node.js pug and pug-code-gen module affects IBM Cloud Pak for Multicloud Management Managed Service. Vulnerability Details CVEID: CVE-2021-21353 DESCRIPTION: Node.js pug and pug-code-gen could allow a remote attacker to execute arbitrary code on the system,...
CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
1-of (>=1.0.0 <=1.0.1), 20ful (>=0.1.0 <=0.2.7) +3498 more potentially affected by CVE-2021-21353 via pug (>=0.1.0 <=3.0.0)
pug NPM version =0.1.0, =1.0.0, =0.1.0, =0.7.41, =0.1.0-beta.1, =0.1.3, =1.0.0, =0.0.1, =0.2.0, =1.0.0, =1.0.0, =1.0.0, =0.1.2, =1.0.0, =1.0.7 and more Source cves: CVE-2021-21353 Source advisory: OSV:GHSA-P493-635Q-R6GR...
pug (=3.0.1-canary-5) potentially affected by CVE-2021-21353 via pug-code-gen (=3.0.2-canary-5)
pug-code-gen NPM version =3.0.2-canary-5 is affected by a known vulnerability. The following packages have a transitive dependency on pug-code-gen and may be impacted: - pug =3.0.1-canary-5 Source cves: CVE-2021-21353 Source advisory: OSV:GHSA-P493-635Q-R6GR...
CVE-2021-21353
CVE-2021-21353 affects the Pug template engine before v3.0.1. If an attacker controls the pretty option via untrusted input (e.g., query params passed into template inputs), remote code execution on the Node.js backend was possible. The issue is fixed in v3.0.1; pug-code-gen has a backport fix in...