nunjucks@3.2.2 vulnerabilities
A powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired)
-
latest version
3.2.4
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
2 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the nunjucks package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
nunjucks is a powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the second parameter, when more than one user-controlled parameter is used on the same line in a view. Autoescaping can be bypassed by including a How to fix Cross-site Scripting (XSS)? Upgrade |
<3.2.4
|
nunjucks is a powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired). Affected versions of this package are vulnerable to Prototype Pollution.
via the How to fix Prototype Pollution? Upgrade |
<3.2.3
|