Описание
Cross-site Scripting in curly-bracket-parser
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-23416
- https://github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js#23L31
- https://github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js%23L31
- https://snyk.io/vuln/SNYK-JS-CURLYBRACKETPARSER-1297106
Пакеты
Наименование
curly-bracket-parser
npm
Затронутые версииВерсия исправления
<= 1.0.2
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 4 лет назад
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.