Rockylinux
added 2021/11/09 8:26 a.m., 41 views

python-jinja2 security update

An update is available for python-jinja2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-jinja2 package contains Jinja2, a template engine written in...

CVSS 5.3 | AI score 6 | EPSS 0.03546
Exploits: 1
OSV
added 2021/11/09 8:26 a.m., 38 views

ALSA-2021:4161 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: python-jinja2: ReDoS vulnerability due to the sub-pattern (CVE-2020-28493). For...

CVSS 5.3 | AI score 5.9 | EPSS 0.03546
Exploits: 1 | References: 2
Veracode
added 2021/11/09 8:20 a.m., 15 views

Arbitrary Code Execution

neoan3-apps/template is vulnerable to arbitrary code execution (RCE) attacks. An attacker could execute global or local functions and methods by storing particular values into the database via closures that are known to be eventually rendered by the template engine, resulting in arbitrary code executi...

CVSS 9.8 | AI score 5.1 | EPSS 0.01532
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2021/11/08 7:15 p.m., 11 views

CVE-2021-41170

neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing closures directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...

CVSS 9.8 | EPSS 0.01532
Exploits: 0 | References: 3
OSV
added 2021/11/08 7:15 p.m., 16 views

CVE-2021-41170

neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing closures directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...

CVSS 9.8 | AI score 6.7
Exploits: 0 | References: 3
Cvelist
added 2021/11/08 7:10 p.m., 13 views

CVE-2021-41170: Evaluation of closures can lead to execution of methods and functions in current program scope

neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing closures directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function...

CVSS 9.8 | AI score 9.6 | EPSS 0.01532
Exploits: 0 | References: 3
CVE
added 2021/11/08 7:10 p.m., 83 views

CVE-2021-41170

The CVE concerns neoan3-apps/template (Neoan3 minimal template engine). Prior to 1.1.1, closures could be passed into the template and executed if a value shared a name with a method or function in scope, enabling potential arbitrary execution when rendering templates. The issue affects users han...

CVSS 9.8 | AI score 9.4 | EPSS 0.01532
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2021/11/08 12:00 a.m., 3 views

neoan3-template security vulnerability

Neoan3-Template is a minimal template engine for Neoan3. A security vulnerability exists in neoan3-template that arises from improper design or implementation during code development for a networked system or product...

CVSS 9.8 | AI score 8.4 | EPSS 0.01532
Exploits: 0 | References: 4
CNVD
added 2021/09/24 12:00 a.m., 15 views

IBM Edge Information Disclosure Vulnerability (CNVD-2021-94168)

Edge is a logical, batteries-included template engine for Node.js. IBM Edge has an information disclosure vulnerability that stems from the fact that IBM Edge allows web pages to be stored locally, which an attacker can exploit to read those pages...

CVSS 4 | AI score 2.4 | EPSS 0.00241
Exploits: 0 | References: 1
OSV
added 2021/09/22 8:36 p.m., 12 views

GHSA-55R9-7MF8-M382 Cross-site Scripting in edge.js

Edge is a logical and batteries included template engine for Node.js. This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array instead of a string or a SafeValue, even if are used...

CVSS 5.4 | AI score 6.2 | EPSS 0.00877
Exploits: 1 | References: 4
Snyk
added 2021/08/25 3:30 p.m., 3 views

Cross-site Scripting (XSS)

Overview: tempura is a light, crispy, and delicious template engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). If the input to the esc function is of type object, i.e. an array, it is returned without being escaped/sanitized, leading to a potential Cross-Site...

CVSS 6.1 | AI score 5.2 | EPSS 0.01219
Exploits: 1 | References: 2
CNVD
added 2021/08/18 12:00 a.m., 11 views

TryGhost express-hbs information disclosure vulnerability

TryGhost express-hbs is an Express handlebars template engine with multiple layouts, blocks and cache sections. TryGhost express-hbs suffers from an information disclosure vulnerability that stems from the product's Express render API mixing pure template data with engine configuration options,...

CVSS 5.3 | AI score 1 | EPSS 0.01178
Exploits: 1 | References: 1
Tenable Nessus
added 2021/05/27 12:00 a.m., 35 views

GLSA-202105-06 : Smarty: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202105-06 (Smarty: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in the Smarty template engine. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE...

CVSS 9.8 | AI score 6.6 | EPSS 0.82316
Exploits: 2 | References: 3
Gentoo Linux
added 2021/05/26 12:00 a.m., 65 views

Smarty: Multiple vulnerabilities

Background: Smarty is a template engine for PHP. Description: Multiple vulnerabilities have been discovered in the Smarty template engine. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known...

CVSS 9.8 | AI score 2 | EPSS 0.82316
Exploits: 2
Github Security Blog
added 2021/05/17 8:58 p.m., 54 views

Insecure template handling in express-hbs

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

CVSS 6.8 | AI score 2.1 | EPSS 0.01268
Exploits: 1 | References: 6 | Affected Software: 1
Github Security Blog
added 2021/05/17 8:58 p.m., 54 views

Insecure template handling in Squirrelly

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

CVSS 8.8 | AI score 8.9 | EPSS 0.59844
Exploits: 2 | References: 6 | Affected Software: 1
OSV
added 2021/05/17 8:58 p.m., 27 views

GHSA-Q8J6-PWQX-PM96 Insecure template handling in Squirrelly

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

CVSS 8 | AI score 8.9 | EPSS 0.59844
Exploits: 2 | References: 6
NVD
added 2021/05/14 7:15 p.m., 12 views

CVE-2021-32819

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

CVSS 8.8 | EPSS 0.59844
Exploits: 2 | References: 4
OSV
added 2021/05/14 7:15 p.m., 18 views

CVE-2021-32819

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in...

CVSS 8.8 | AI score 7.4
Exploits: 0 | References: 4
OSV
added 2021/05/14 7:15 p.m., 13 views

CVE-2021-32817

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability...

CVSS 6.8 | AI score 6.7
Exploits: 0 | References: 4