EUVD-2021-1980

Malware in sbrugna...

@adonisjs/framework (>=4.0.0 <=5.0.13), @adonisjs/view (>=1.0.0 <=5.0.2) +54 more potentially affected by CVE-2021-23443 via edge.js (>=1.1.4 <=4.0.4)

edge.js NPM version =1.1.4, =4.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =0.0.1, =0.0.45, =1.8.1, =1.0.0, =1.0.0, =2.0.36, =2.0.37, =2.1.3 and more Source cves: CVE-2021-23443 Source advisory: OSV:GHSA-55R9-7MF8-M382...

Cross-Site Scripting (XSS)

edge.js is vulnerable to cross-site scripting. A lack of validation of type when an attacker inputs an array regardless of the use of instead of a string allows an attacker to inject and execute malicious script...

CVE-2021-23443

This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...

CVE-2021-23443

This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...

Type confusion

This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...

CVE-2021-23443

The CVE-2021-23443 entry applies to edge.js prior to version 5.3.2, where a type confusion vulnerability can bypass input sanitization when the rendered input is an array (not a string or SafeValue), even with {{ }} usage. Affected component: edge.js template engine. Impact: cross-site scripting ...

CVE-2021-23443

This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...

edge.js 跨站脚本漏洞

edge.js is the Node.js template engine. edges.js versions prior to 5.3.2 have a cross-site scripting vulnerability that stems from a type obfuscation vulnerability that can be exploited to bypass input cleanup when the input to be rendered is an array, even if is used, and can be used by attacker...

Cross-site Scripting (XSS)

Overview edge.js is a Node.js templating engine with fresh air. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even ...