Количество 2
Количество 2
CVE-2023-23630
около 3 лет назад
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to `res.render`.
CVSS3: 8.6
EPSS: Низкий
GHSA-xrh7-m5pp-39r6
около 3 лет назад
XSS Attack with Express API
CVSS3: 8.6
EPSS: Низкий
Уязвимостей на страницу
20
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-23630 Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to `res.render`. | CVSS3: 8.6 | 0% Низкий | около 3 лет назад |
| GHSA-xrh7-m5pp-39r6 XSS Attack with Express API | CVSS3: 8.6 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу
20