CVE-2021-23784

Published November 3rd, 2021

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability.

lukeed/tempura

A light, crispy, and delicious template engine 🍤

GitHub

529