2024-09-03 19:37:31
GitHub_M
PUBLISHED
@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, dont pass untrusted input as the template display name, or dont use the display name feature.