CVE-2021-23784 Cross-site Scripting (XSS)

This affects the package tempura before 0.4.0. If the input to the esc function is of type object i.e an array it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability...