Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) org.webjars.npm:nunjucks is a WebJar for nunjucks Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the second parameter, when more than one user-controlled parameter is used on the same line in a view. Autoescaping can be bypassed by including a `\` in the user input string. How to fix Cross-site Scripting (XSS)? Upgrade `org.webjars.npm:nunjucks` to version 3.2.4 or higher.	[,3.2.4)
H Prototype Pollution org.webjars.npm:nunjucks is a WebJar for nunjucks Affected versions of this package are vulnerable to Prototype Pollution. via the `constructor` class in nunjucks/src/runtime.js. How to fix Prototype Pollution? Upgrade `org.webjars.npm:nunjucks` to version 3.2.3 or higher.	[,3.2.3)

Cross-site Scripting (XSS)

org.webjars.npm:nunjucks is a WebJar for nunjucks

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the second parameter, when more than one user-controlled parameter is used on the same line in a view. Autoescaping can be bypassed by including a \ in the user input string.

How to fix Cross-site Scripting (XSS)?

Upgrade org.webjars.npm:nunjucks to version 3.2.4 or higher.

[,3.2.4)

Prototype Pollution

org.webjars.npm:nunjucks is a WebJar for nunjucks

Affected versions of this package are vulnerable to Prototype Pollution. via the constructor class in nunjucks/src/runtime.js.

How to fix Prototype Pollution?

Upgrade org.webjars.npm:nunjucks to version 3.2.3 or higher.

[,3.2.3)

Go back to all versions of this package