3 matches found
CVE-2023-23630 Cross-site (XSS) vulnerability with Express API in Eta
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...
CVE-2023-23630 Cross-site (XSS) vulnerability with Express API in Eta
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to res.render...
@1023-ventures/basalt (>=0.5.0 <=0.7.6), @4c/docusaurus-preset (>=0.2.4 <=0.3.2) +218 more potentially affected by CVE-2023-23630 via eta (>=1.12.1 <=1.14.2)
eta NPM version =1.12.1, =0.5.0, =0.2.4, =0.0.2, =0.0.1, =0.3.9, =1.0.0, =2.1.27, =1.1.6, =2.1.0, =0.0.37, =0.1.2 and more Source cves: CVE-2023-23630 Source advisory: OSV:GHSA-XRH7-M5PP-39R6...