2 matches found
Hardcoded credentials
neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...
CVE-2021-41170
The CVE concerns neoan3-apps/template (Neoan3 minimal template engine). Prior to 1.1.1, closures could be passed into the template and executed if a value shared a name with a method or function in scope, enabling potential arbitrary execution when rendering templates. The issue affects users han...