11 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-2142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two...
Fedora 42 : workrave (2025-85867bd98f)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-85867bd98f advisory. Unretireing the package. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 40 : workrave (2025-2d5726abb8)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2d5726abb8 advisory. Unretireing the package. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
CVE-2023-2142
creationtimestamp| type| source ---|---|--- 2024-11-26 11:31:06+00:00| seen| https://infosec.exchange/users/cve/statuses/113549027953253099...
CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
CVE-2023-2142 Nunjucks autoescape bypass leads to cross site scripting
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
CVE-2023-2142 Nunjucks autoescape bypass leads to cross site scripting
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
CVE-2023-2142 Nunjucks autoescape bypass leads to cross site scripting
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
3loc (>=0.1.0 <=0.4.0), @accordproject/cicero-cli (>=0.3.4 <=0.20.11-20200413151148) +983 more potentially affected by CVE-2023-2142 via nunjucks (>=0.1.10 <=3.2.3)
nunjucks NPM version =0.1.10, =0.1.0, =0.3.4, =0.3.12-20180525105709, =0.3.4, =0.3.4, =0.11.2-20190326183124, =0.0.5, =0.1.0, =1.1.0-301, =1.3.2, =2.0.0, =0.0.5, =1.2.0, =1.4.0 - @asephermann/capacitor-filechooser =0.0.1 and more Source cves: CVE-2023-2142 Source advisory: OSV:GHSA-X77J-W7WF-FJMW...