Security Advisory

CVE-2023-2142

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-26 11:24:15

Last updated 2024-11-27 16:19:44

Assigner mozilla

State PUBLISHED

Description

In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash character.

← Browse all CVEs View on cve.org ↗