Cross-site Scripting in curly-bracket-parser

Description

This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.0.2

References

• GHSA-rqf8-8c89-mw29
• snyk.io
• CVE-2021-23416
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Options structure open to Cross-site Scripting if passed unfiltered - CVE-2021-29489
• Cross-site scripting in react-bootstrap-table - CVE-2021-23398
• Cross-site Scripting in file-upload-with-preview - CVE-2021-23439
• Cross-site Scripting in Mermaid - CVE-2021-35513

Tags:

npm

curly-bracket-parser