Lucene search
Veracode Vulnerability DatabaseVERACODE:29560HistoryMar 04, 2021 - 2:57 a.m.
Remote Code Execution (RCE)
2021-03-0402:57:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
19
pug-code-gen vulnerability
remote code execution
overly permissive.
EPSS
0.041
Percentile
92.2%
pug-code-gen is vulnerable to remote code execution (RCE). The vulnerability exists as the allowed values of the pretty option of the pug compiler are overly permissive.
References
github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0
github.com/pugjs/pug/issues/3312
github.com/pugjs/pug/pull/3314
github.com/pugjs/pug/releases/tag/pug%403.0.1
github.com/pugjs/pug/security/advisories/GHSA-p493-635q-r6gr
www.npmjs.com/advisories/1644
www.npmjs.com/package/pug
www.npmjs.com/package/pug-code-gen
Related
prion
prion
Remote code execution
2021-03-03 02:15:00
nodejs
nodejs
Remote Code Execution
2021-03-03 02:16:22
Remote Code Execution
2021-03-03 02:09:54
cvelist
cvelist
CVE-2021-21353 Remote code execution in pug
2021-03-03 01:50:18
osv
osv
CGA-j4c8-m5vj-j3jg
2024-09-25 05:26:35
CGA-cp8p-w2m9-jwgg
2024-09-25 05:21:05
Remote code execution via the `pretty` option.
2021-03-03 02:03:52
ibm
ibm
redhatcve
redhatcve
CVE-2021-21353
2022-12-01 20:26:05
cve
cve
CVE-2021-21353
2021-03-03 02:15:13
nvd
nvd
CVE-2021-21353
2021-03-03 02:15:13
github
github
Remote code execution via the `pretty` option.
2021-03-03 02:03:52