Prototype Pollution Affecting nunjucks package, versions <3.2.3
Threat Intelligence
Exploit Maturity: Proof of concept
- Snyk ID SNYK-JS-NUNJUCKS-1079083
- published 25 Feb 2021
- disclosed 25 Feb 2021
- credit CattChen (@ChenKS12138)
How to fix?
Upgrade nunjucks to version 3.2.3 or higher.
Overview
nunjucks is a powerful templating engine with inheritance, asynchronous control, and more (jinja2 inspired).
Affected versions of this package are vulnerable to Prototype Pollution via the constructor class in nunjucks/src/runtime.js.
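To check whether a project resolves an affected release, the following added example (not part of the Snyk advisory or the nunjucks project) scans a parsed package-lock.json for nunjucks versions below 3.2.3, including copies nested under other dependencies. The sample lockfile and the package name some-cms are constructed; version strings that cannot be parsed are reported for manual review.

```javascript
// Added example: flag nunjucks installs below the fixed release 3.2.3
// in an npm lockfile. Lockfile contents below are constructed sample data.
const FIXED = [3, 2, 3];

// Parse "x.y.z[-pre]" into numeric parts; returns null if unparseable.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// True when version < 3.2.3 (a prerelease of 3.2.3 sorts below it).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return true; // unparseable (git URL, tag): report for manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== FIXED[i]) return p.nums[i] < FIXED[i];
  }
  return p.pre;
}

// Collect every affected nunjucks entry from a parsed package-lock.json.
// Handles lockfileVersion 2/3 ("packages") and 1 (nested "dependencies").
function findAffectedNunjucks(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/nunjucks$/.test(path) && isAffected(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "nunjucks" && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: one fixed direct copy, one affected nested copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/nunjucks": { version: "3.2.3" },
    "node_modules/some-cms/node_modules/nunjucks": { version: "3.2.2" },
  },
};
console.log(findAffectedNunjucks(sampleLock));
```

A nested copy pinned by another dependency stays affected even after the direct dependency is upgraded, which is why every lockfile entry is checked rather than only the top-level one.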
References
CVSS Scores
version 3.1