pug-code-gen@1.0.0 vulnerabilities
Default code-generator for pug. It generates HTML via a JavaScript template function.
- latest version: 2.0.3
- latest non vulnerable version:
- first published: 8 years ago
- latest version published: 3 years ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the pug-code-gen package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
pug-code-gen is the default code generator for pug. It generates HTML via a JavaScript template function. Affected versions of this package are vulnerable to Remote Code Execution (RCE). If a remote attacker is able to control the pretty option of the pug compiler, e.g. if you spread a user-provided object such as the query parameters of a request into the pug template inputs, it is possible for them to achieve remote code execution on the Node.js backend. How to fix Remote Code Execution (RCE)? Upgrade | <2.0.3, >=3.0.0 <3.0.2 |
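
The advisory's precondition is that request data reaches the object pug reads its compiler options from. The following added example (not code from Snyk or the pug project) shows one way to keep the two apart alongside upgrading: pass only allowlisted, validated locals and set the options server-side. `PAGE_LOCALS`, `optionKeysIn`, `buildRenderArgs` and the template name are hypothetical.

```javascript
// Added example: keep request data out of pug's merged options/locals object.
// pug.render()/renderFile() take ONE object that is both compiler options and
// template locals, so `{ ...req.query }` lets a request set options like `pretty`.

// Compiler option names documented by pug; user input must never supply these.
const PUG_OPTION_KEYS = new Set([
  'pretty', 'filename', 'basedir', 'doctype', 'filters', 'self', 'debug',
  'compileDebug', 'globals', 'cache', 'inlineRuntimeFunctions', 'name',
]);

// Hypothetical allowlist for one page: local name -> validator/normaliser.
const PAGE_LOCALS = {
  title: (v) => (typeof v === 'string' && v.length <= 80 ? v : undefined),
  page: (v) => (typeof v === 'string' && /^\d{1,4}$/.test(v) ? Number(v) : undefined),
};

// Report user-supplied keys that collide with compiler options (for logging).
function optionKeysIn(input) {
  return Object.keys(input).filter((k) => PUG_OPTION_KEYS.has(k)).sort();
}

// Build the object handed to pug: allowlisted locals only, with options fixed
// by the server and applied last so nothing from the request can override them.
function buildRenderArgs(input, schema = PAGE_LOCALS) {
  const locals = Object.create(null);
  for (const [key, validate] of Object.entries(schema)) {
    if (PUG_OPTION_KEYS.has(key)) throw new Error(`schema key shadows option: ${key}`);
    if (!Object.prototype.hasOwnProperty.call(input, key)) continue;
    const value = validate(input[key]);
    if (value !== undefined) locals[key] = value;
  }
  return { ...locals, pretty: false, compileDebug: false };
}

// Constructed sample query, shaped like a parsed req.query object.
const sampleQuery = { title: 'Inbox', page: '3', pretty: 'constructed-value', debug: '1' };
const args = buildRenderArgs(sampleQuery);
console.log('option keys seen in request:', optionKeysIn(sampleQuery));
console.log('object passed to pug:', args);
// Vulnerable form:  pug.renderFile('inbox.pug', { ...req.query })
// Hardened form:    pug.renderFile('inbox.pug', buildRenderArgs(req.query))
```

Logging the output of `optionKeysIn` for live requests also gives a cheap signal that something is probing for this class of bug.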