nunjucks@2.5.2 vulnerabilities

A powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired)

latest version

3.2.4
latest non vulnerable version

3.2.4
first published

12 years ago
latest version published

2 years ago
licenses detected
- BSD-2-Clause
  >=0
View nunjucks package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the nunjucks package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) nunjucks is a powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the second parameter, when more than one user-controlled parameter is used on the same line in a view. Autoescaping can be bypassed by including a `\` in the user input string. How to fix Cross-site Scripting (XSS)? Upgrade `nunjucks` to version 3.2.4 or higher.	<3.2.4
H Prototype Pollution nunjucks is a powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired). Affected versions of this package are vulnerable to Prototype Pollution. via the `constructor` class in nunjucks/src/runtime.js. How to fix Prototype Pollution? Upgrade `nunjucks` to version 3.2.3 or higher.	<3.2.3

Cross-site Scripting (XSS)

nunjucks is a powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired).

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the second parameter, when more than one user-controlled parameter is used on the same line in a view. Autoescaping can be bypassed by including a \ in the user input string.

How to fix Cross-site Scripting (XSS)?

Upgrade nunjucks to version 3.2.4 or higher.

<3.2.4

Prototype Pollution

nunjucks is a powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired).

Affected versions of this package are vulnerable to Prototype Pollution. via the constructor class in nunjucks/src/runtime.js.

How to fix Prototype Pollution?

Upgrade nunjucks to version 3.2.3 or higher.

<3.2.3

Go back to all versions of this package

nunjucks@2.5.2 vulnerabilities

A powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired)

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities