pug is vulnerable to Code execution. The vulnerability is due to the lack of proper input validation for the name option in the compileClient
, compileFileClient
, or compileClientWithDependenciesTracked
functions, which allows attackers to execute arbitrary JavaScript code in the context of the application.
CPE | Name | Operator | Version |
---|---|---|---|
pug | le | 3.0.2 | |
pug-code-gen | le | 3.0.2 | |
pug-code-gen | eq | 2.0.1 | |
pug | le | 3.0.2 | |
pug-code-gen | le | 3.0.2 | |
pug-code-gen | eq | 2.0.1 |