Security Advisory

CVE-2024-45390

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-03 19:37:31

Last updated 2024-09-03 20:01:40

Assigner GitHub_M

State PUBLISHED

Description

@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, dont pass untrusted input as the template display name, or dont use the display name feature.

← Browse all CVEs View on cve.org ↗