haml-coffee is vulnerable to remote code execution. A remote attacker is able to execute arbitrary code in downstream applications via the customHtmlEscape
parameter. Additionally, control over the escapeHtml
parameter allows an attacker to perform cross-site scripting attacks.
CPE | Name | Operator | Version |
---|---|---|---|
haml-coffee | le | 1.14.1 |