Описание
Cross-site Scripting in teddy
Teddy is a readable and easy to learn templating language. This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).
Ссылки
Пакеты
Наименование
teddy
npm
Затронутые версииВерсия исправления
< 0.5.9
0.5.9
Связанные уязвимости
CVSS3: 5.4
nvd
больше 4 лет назад
This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).