4 matches found
CVE-2021-23447
creationtimestamp| type| source ---|---|--- 2021-10-07 20:33:56+00:00| seen| https://t.me/cibsecurity/30177...
CVE-2021-23447
The CVE-2021-23447 entry concerns the Teddy templating language prior to version 0.5.9. A type-confusion vulnerability allows bypassing input sanitization when the model content is an array (not a string), potentially enabling XSS-like behavior in affected renders. The mitigation is to upgrade Te...
CVE-2021-23447 Cross-site Scripting (XSS)
This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array instead of a string...
gulp-teddy (>=0.0.1 <=1.6.1), roosevelt (>=0.4.9 <=0.4.33) potentially affected by CVE-2021-23447 via teddy (>=0.2.52 <=0.4.28)
teddy NPM version =0.2.52, =0.0.1, =0.4.9, =0.4.33 Source cves: CVE-2021-23447 Source advisory: SNYK:JS-TEDDY-1579557...