5 matches found
@adonisjs/framework (>=4.0.0 <=5.0.13), @adonisjs/view (>=1.0.0 <=5.0.2) +54 more potentially affected by CVE-2021-23443 via edge.js (>=1.1.4 <=4.0.4)
edge.js NPM version =1.1.4, =4.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.0.1, =0.0.45, =1.8.1, =1.0.0, =1.0.0, =2.0.36, =2.0.37, =2.1.3 and more Source cves: CVE-2021-23443 Source advisory: OSV:GHSA-55R9-7MF8-M382...
CVE-2021-23443
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...
CVE-2021-23443
The CVE-2021-23443 entry applies to edge.js prior to version 5.3.2, where a type confusion vulnerability can bypass input sanitization when the rendered input is an array (not a string or SafeValue), even with {{ }} usage. Affected component: edge.js template engine. Impact: cross-site scripting ...
CVE-2021-23443 Cross-site Scripting (XSS)
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...
CVE-2021-23443
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...