Mako@0.2.1 vulnerabilities

A super-fast templating language that borrows the best ideas from the existing templating languages.

latest version

1.3.5
latest non vulnerable version

1.3.5
first published

17 years ago
latest version published

10 days ago
licenses detected
- MIT
  [0,)
View Mako package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the Mako package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `lexer` function, when a tag has a large number of quotes within its quoted sections. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `Mako` to version 1.2.2 or higher.	[,1.2.2)
M Cross-site Scripting (XSS) `mako` is a super-fast templating language that borrows the best ideas from the existing templating languages. Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.	[,0.3.4)

Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the lexer function, when a tag has a large number of quotes within its quoted sections.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade Mako to version 1.2.2 or higher.

[,1.2.2)

Cross-site Scripting (XSS)

mako is a super-fast templating language that borrows the best ideas from the existing templating languages.

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

[,0.3.4)

Go back to all versions of this package

Mako@0.2.1 vulnerabilities

A super-fast templating language that borrows the best ideas from the existing templating languages.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities