Lucene search
K

5 matches found

Debian CVE
Debian CVE
added 2024/11/26 11:24 a.m.18 views

CVE-2023-2142

In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...

6.1CVSS5.3AI score0.00354EPSS
Exploits0
OSV
OSV
added 2024/11/26 11:24 a.m.9 views

CVE-2023-2142 Nunjucks autoescape bypass leads to cross site scripting

In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash ...

6.1CVSS5.7AI score0.00354EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/04/20 9:19 p.m.10 views

3loc (>=0.1.0 <=0.4.0), @accordproject/cicero-cli (>=0.3.4 <=0.20.11-20200413151148) +983 more potentially affected by CVE-2023-2142 via nunjucks (>=0.1.10 <=3.2.3)

nunjucks NPM version =0.1.10, =0.1.0, =0.3.4, =0.3.12-20180525105709, =0.3.4, =0.3.4, =0.11.2-20190326183124, =0.0.5, =0.1.0, =1.1.0-301, =1.3.2, =2.0.0, =0.0.5, =1.2.0, =1.4.0 - @asephermann/capacitor-filechooser =0.0.1 and more Source cves: CVE-2023-2142 Source advisory: OSV:GHSA-X77J-W7WF-FJMW...

6.1CVSS6.1AI score0.00354EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/04/20 12:0 a.m.3 views

PT-2023-18187 · Nunjucks +1 · Nunjucks +1

Name of the Vulnerable Software and Affected Versions: Nunjucks versions prior to 3.2.4 Description: The issue allows bypassing the restrictions provided by the autoescape functionality in Nunjucks. If two user-controlled parameters are on the same line in the views, it is possible to inject...

6.1CVSS5.3AI score0.00354EPSS
Exploits0References19
vulnersOsv
vulnersOsv
added 2018/11/06 11:13 p.m.6 views

3loc (>=0.2.0 <=0.4.0), @bb-cli/bb-doc (>=2.0.1-pr.1 <=2.0.1-pr.13) +255 more potentially affected by CVE-2016-10547 via nunjucks (>=0.1.10 <=2.4.2)

nunjucks NPM version =0.1.10, =0.2.0, =2.0.1-pr.1, =1.0.0, =0.0.22, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.2, =1.0.3 and more Source cves: CVE-2016-10547 Source advisory: OSV:GHSA-F7PH-P5RV-PHW2...

6.1CVSS6.3AI score0.0144EPSS
Exploits1
Rows per page
Query Builder