5 matches found
CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
CVE-2023-2142 Nunjucks autoescape bypass leads to cross site scripting
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...
3loc (>=0.1.0 <=0.4.0), @accordproject/cicero-cli (>=0.3.4 <=0.20.11-20200413151148) +983 more potentially affected by CVE-2023-2142 via nunjucks (>=0.1.10 <=3.2.3)
nunjucks NPM version =0.1.10, =0.1.0, =0.3.4, =0.3.12-20180525105709, =0.3.4, =0.3.4, =0.11.2-20190326183124, =0.0.5, =0.1.0, =1.1.0-301, =1.3.2, =2.0.0, =0.0.5, =1.2.0, =1.4.0 - @asephermann/capacitor-filechooser =0.0.1 and more Source cves: CVE-2023-2142 Source advisory: OSV:GHSA-X77J-W7WF-FJMW...
PT-2023-18187 · Nunjucks +1 · Nunjucks +1
Name of the Vulnerable Software and Affected Versions: Nunjucks versions prior to 3.2.4 Description: The issue allows bypassing the restrictions provided by the autoescape functionality in Nunjucks. If two user-controlled parameters are on the same line in the views, it is possible to inject...
3loc (>=0.2.0 <=0.4.0), @bb-cli/bb-doc (>=2.0.1-pr.1 <=2.0.1-pr.13) +255 more potentially affected by CVE-2016-10547 via nunjucks (>=0.1.10 <=2.4.2)
nunjucks NPM version =0.1.10, =0.2.0, =2.0.1-pr.1, =1.0.0, =0.0.22, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.2, =1.0.3 and more Source cves: CVE-2016-10547 Source advisory: OSV:GHSA-F7PH-P5RV-PHW2...