24 matches found
EUVD-2021-2003
Malware in sbrugna...
EUVD-2022-5001
Malicious code in bioql PyPI...
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
VulnCheck KEV: CVE-2021-32819
Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...
CVE-2022-25967
A flaw was found in the ETA npm package. Affected versions of this package are vulnerable to remote code execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API...
Remote Code Execution (RCE)
eta is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the Express render API overwriting template engine configuration variables, which allows an attacker to execute arbitrary code. An application is only vulnerable if it is rendering user-submitted data without sanitization...
Eta vulnerable to Code Injection via templates rendered with user-defined data
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
Remote code execution
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
CVE-2022-25967
The CVE-2022-25967 issue affects the ETA npm package prior to 2.0.0. An RCE vulnerability arises by overwriting template engine configuration variables with view options received from the Express render API, exploitable only when rendering templates with user-supplied data. Remediation: upgrade E...
CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
CVE-2022-25967
Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...
Template Injection
hbs is vulnerable to template injection. The vulnerability exists due to a lack of sanitization of configuration options when input into the system via the Express render API. An attacker is able to view a file by overwriting an internal configuration option...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Squirrelly
CVE-2021-32819: SquirrellyJS mixes pure templa...
Insecure template handling in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
Cross site scripting
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
CVE-2021-32818 Remote code execution and Reflected cross site scripting in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
PT-2021-19952 · Unknown +1 · Squirrelly +1
Name of the Vulnerable Software and Affected Versions: Squirrelly versions prior to 9.0.0. Description: Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. It mixes pure template data with engine configuration options through the Express render API. ...
PT-2021-19950 · Unknown · Express-Hbs
Name of the Vulnerable Software and Affected Versions: express-hbs, affected versions not specified. Description: The issue arises from express-hbs mixing pure template data with engine configuration options through the Express render API, potentially leading to file disclosure vulnerabilities in...