21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 17 views

EUVD-2021-2003

Malware in sbrugna...

CVSS 5.3 | AI score 5.7 | EPSS 0.00299
Exploits 1 | References 5

RedhatCVE
added 2025/05/22 9:19 p.m. | 4 views

CVE-2021-32818

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...

CVSS 7.7 | AI score 6.5 | EPSS 0.00255
Exploits 1 | References 1

RedhatCVE
added 2023/03/14 5:13 a.m. | 53 views

CVE-2022-25967

A flaw was found in the ETA npm package. Affected versions of this package are vulnerable to remote code execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API...

CVSS 8.8 | AI score 6.6 | EPSS 0.19024
Exploits 0 | References 7

Veracode
added 2023/02/06 5:11 a.m. | 12 views

Remote Code Execution (RCE)

eta is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the Express render API overwriting template engine configuration variables, which allows an attacker to execute arbitrary code. An application is only vulnerable if it is rendering user-submitted data without sanitization...

CVSS 8.8 | AI score 9.1 | EPSS 0.19024
Exploits 0 | References 5 | Affected Software 1

Github Security Blog
added 2023/01/30 6:30 a.m. | 36 views

Eta vulnerable to Code Injection via templates rendered with user-defined data

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 8.8 | AI score 6.2 | EPSS 0.19024
Exploits 0 | References 6 | Affected Software 1

NVD
added 2023/01/30 5:15 a.m. | 10 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 8.8 | AI score 8.4 | EPSS 0.19024
Exploits 0 | References 4

OSV
added 2023/01/30 5:15 a.m. | 14 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 8.8 | AI score 9
Exploits 0 | References 4

Prion
added 2023/01/30 5:15 a.m. | 13 views

Remote code execution

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 6.5 | AI score 8.9 | EPSS 0.19024
Exploits 0 | References 4 | Affected Software 1

CVE
added 2023/01/30 5:00 a.m. | 81 views

CVE-2022-25967

The CVE-2022-25967 issue affects the ETA npm package prior to 2.0.0. An RCE vulnerability arises by overwriting template engine configuration variables with view options received from the Express render API, exploitable only when rendering templates with user-supplied data. Remediation: upgrade E...

CVSS 8.8 | AI score 8.9 | EPSS 0.19024
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2023/01/30 5:00 a.m. | 4 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 8.1 | AI score 9 | EPSS 0.19024
Exploits 0 | References 4

Cvelist
added 2023/01/30 5:00 a.m. | 17 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 8.1 | AI score 9.2 | EPSS 0.19024
Exploits 0 | References 4

CNNVD
added 2023/01/30 12:00 a.m. | 2 views

Eta security vulnerability

Eta is an open source, lightweight, fast embedded JS template engine. It runs in Node, Deno and browsers. A security vulnerability exists in versions of Eta prior to 2.0.0, which stems from its use of view options received from the Express render API to override template engine configuration...

CVSS 8.8 | AI score 8.3 | EPSS 0.19024
Exploits 0 | References 5

Snyk
added 2022/06/29 10:52 a.m. | 3 views

Remote Code Execution (RCE)

Overview: eta is a lightweight, fast, and powerful embedded JS template engine. Affected versions of this package are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only...

CVSS 8.8 | AI score 7.3 | EPSS 0.19024
Exploits 0 | References 2

OSV
added 2021/09/02 5:16 p.m. | 1 views

GHSA-7F5C-RPF4-86P8 Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs

The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express rende...

CVSS 4 | AI score 6.4 | EPSS 0.00299
Exploits 1 | References 3

Veracode
added 2021/08/25 3:16 a.m. | 12 views

Template Injection

hbs is vulnerable to template injection. The vulnerability exists due to a lack of sanitization of configuration options when input into the system via the Express render API. An attacker is able to view a file by overwriting an internal configuration option...

CVSS 5.3 | AI score 2.9 | EPSS 0.00299
Exploits 1 | References 1 | Affected Software 1

OSV
added 2021/08/16 7:15 p.m. | 1 views

CVE-2021-32822

The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express rende...

CVSS 5.3 | AI score 6.3 | EPSS 0.00299
Exploits 1 | References 1

GithubExploit
added 2021/06/12 5:09 p.m. | 193 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Squirrelly

CVE-2021-32819: SquirrellyJS mixes pure templa...

CVSS 8.8 | AI score 9.1 | EPSS 0.89622
Exploits 2

Github Security Blog
added 2021/05/17 8:58 p.m. | 62 views

Insecure template handling in haml-coffee

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...

CVSS 7.7 | AI score 0.4 | EPSS 0.00255
Exploits 1 | References 4 | Affected Software 1

Prion
added 2021/05/14 7:15 p.m. | 20 views

Cross site scripting

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...

CVSS 3.5 | AI score 5.4 | EPSS 0.00255
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2021/05/14 6:20 p.m. | 15 views

CVE-2021-32818 Remote code execution and Reflected cross site scripting in haml-coffee

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...

CVSS 7.7 | AI score 7.7 | EPSS 0.00255
Exploits 1 | References 2