CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

Arbitrary JavaScript Execution

Overview In affected versions of less-openui5 processing untrusted theming resources might execute arbitrary code. Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be...

CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

CVE-2021-21316

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

CVE-2021-21316

CVE-2021-21316 affects the npm package less-openui5 (pre-0.10.0) and can allow arbitrary code execution during build when processing untrusted theming resources (*.less). The vulnerability arises from inline JavaScript evaluation in a forked Less.js v1.6.3 embedded by less-openui5, which is norma...

CVE-2021-21316 Arbitrary code execution in less-openui5

less-openui5 is an npm package which enables building OpenUI5 themes with Less.js. In less-openui5 before version 0.10., when processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be execut...

Less-openui5 Injection Vulnerability

An injection vulnerability exists in Less-openui5, which arises when a network system or product lacks proper validation of user input during the course of an operation to construct a command, data structure, or record, and fails to filter, or fails to correctly filter out, specific elements of t...

Arbitrary Code Execution

less-openui5 is vulnerable to arbitrary code execution. When processing theming resources i.e. .less files that originate from an untrusted source, the resources may contain JavaScript code which will be executed in the context of the build process...

Processing untrusted theming resources might execute arbitrary code (ACE)

Impact When processing theming resources i.e. .less files with less-openui5 that originate from an untrusted source, those resources might contain JavaScript code which will be executed in the context of the build process. While this is a feature of the Less.js library, it is an unexpected behavi...