Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `lexer` function, when a tag has a large number of quotes within its quoted sections. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `Mako` to version 1.2.2 or higher.	[,1.2.2)
M Cross-site Scripting (XSS) `mako` is a super-fast templating language that borrows the best ideas from the existing templating languages. Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.	[,0.3.4)

Regular Expression Denial of Service (ReDoS)

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the lexer function, when a tag has a large number of quotes within its quoted sections.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade Mako to version 1.2.2 or higher.

[,1.2.2)

Cross-site Scripting (XSS)

mako is a super-fast templating language that borrows the best ideas from the existing templating languages.

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

[,0.3.4)

Go back to all versions of this package