Search criteria
6 vulnerabilities found for Nunjucks by Mozilla
FKIE_CVE-2023-2142
Vulnerability from fkie_nvd - Published: 2024-11-26 12:15 - Updated: 2025-06-24 16:42
Severity ?
Summary
In Nunjucks versions prior to version 3.2.4, it was
possible to bypass the restrictions which are provided by the autoescape
functionality. If there are two user-controlled parameters on the same
line used in the views, it was possible to inject cross site scripting
payloads using the backslash \ character.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1825980 | Issue Tracking, Permissions Required | |
| security@mozilla.org | https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:nunjucks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEEE5C7E-56D7-4DB4-A58B-4AC206EDA1D3",
"versionEndExcluding": "3.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character."
},
{
"lang": "es",
"value": "En las versiones de Nunjucks anteriores a la versi\u00f3n 3.2.4, era posible eludir las restricciones que proporciona la funci\u00f3n de escape autom\u00e1tico. Si hay dos par\u00e1metros controlados por el usuario en la misma l\u00ednea utilizada en las vistas, era posible inyectar payloads de cross-site scripting utilizando el car\u00e1cter de barra invertida \\."
}
],
"id": "CVE-2023-2142",
"lastModified": "2025-06-24T16:42:52.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-26T12:15:18.307",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1825980"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mozilla.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2016-10547
Vulnerability from fkie_nvd - Published: 2018-05-31 20:29 - Updated: 2024-11-21 02:44
Severity ?
Summary
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.
References
| URL | Tags | ||
|---|---|---|---|
| support@hackerone.com | https://github.com/matt-/nunjucks_test | Exploit, Third Party Advisory | |
| support@hackerone.com | https://github.com/mozilla/nunjucks/issues/835 | Exploit, Third Party Advisory | |
| support@hackerone.com | https://nodesecurity.io/advisories/147 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/matt-/nunjucks_test | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mozilla/nunjucks/issues/835 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/147 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:nunjucks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D82CA76B-B062-4E4A-85FA-5C56C70F76E8",
"versionEndIncluding": "2.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=\u003cscript\u003ealert(1)\u003c/script\u003e`, it is possible to bypass autoescaping and inject content into the DOM."
},
{
"lang": "es",
"value": "Nunjucks es un motor de creaci\u00f3n de plantillas con funcionalidades completas para JavaScript. Las versiones 2.4.2 y anteriores tienen una vulnerabilidad de Cross-Site Scripting (XSS) en el modo autoescape. En este modo, todas las variables de plantilla deber\u00edan escaparse autom\u00e1ticamente. Mediante el uso de un array para las claves, como \"name[]=\", es posible omitir el autoescapado e inyectar contenido en el DOM."
}
],
"id": "CVE-2016-10547",
"lastModified": "2024-11-21T02:44:14.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-31T20:29:01.737",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matt-/nunjucks_test"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mozilla/nunjucks/issues/835"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/matt-/nunjucks_test"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mozilla/nunjucks/issues/835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/147"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-2142 (GCVE-0-2023-2142)
Vulnerability from cvelistv5 – Published: 2024-11-26 11:24 – Updated: 2024-11-27 16:19
VLAI?
Title
Nunjucks autoescape bypass leads to cross site scripting
Summary
In Nunjucks versions prior to version 3.2.4, it was
possible to bypass the restrictions which are provided by the autoescape
functionality. If there are two user-controlled parameters on the same
line used in the views, it was possible to inject cross site scripting
payloads using the backslash \ character.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
blaiddx64
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:nunjucks:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nunjucks",
"vendor": "mozilla",
"versions": [
{
"lessThan": "3.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2142",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T16:17:55.829952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T16:19:44.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Nunjucks",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "3.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "blaiddx64"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \u003ccode\u003e\\\u003c/code\u003e character.\u003c/p\u003e"
}
],
"value": "In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:24:15.422Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1825980"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Nunjucks autoescape bypass leads to cross site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2023-2142",
"datePublished": "2024-11-26T11:24:15.422Z",
"dateReserved": "2023-04-18T08:19:20.097Z",
"dateUpdated": "2024-11-27T16:19:44.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10547 (GCVE-0-2016-10547)
Vulnerability from cvelistv5 – Published: 2018-05-31 20:00 – Updated: 2024-09-16 16:43
VLAI?
Summary
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS) - Generic (CWE-79)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HackerOne | nunjucks node module |
Affected:
<=2.4.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:52.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mozilla/nunjucks/issues/835"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matt-/nunjucks_test"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nunjucks node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "\u003c=2.4.2"
}
]
}
],
"datePublic": "2018-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=\u003cscript\u003ealert(1)\u003c/script\u003e`, it is possible to bypass autoescaping and inject content into the DOM."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Generic (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-31T19:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mozilla/nunjucks/issues/835"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matt-/nunjucks_test"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nunjucks node module",
"version": {
"version_data": [
{
"version_value": "\u003c=2.4.2"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=\u003cscript\u003ealert(1)\u003c/script\u003e`, it is possible to bypass autoescaping and inject content into the DOM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mozilla/nunjucks/issues/835",
"refsource": "MISC",
"url": "https://github.com/mozilla/nunjucks/issues/835"
},
{
"name": "https://nodesecurity.io/advisories/147",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/147"
},
{
"name": "https://github.com/matt-/nunjucks_test",
"refsource": "MISC",
"url": "https://github.com/matt-/nunjucks_test"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-10547",
"datePublished": "2018-05-31T20:00:00Z",
"dateReserved": "2017-10-29T00:00:00",
"dateUpdated": "2024-09-16T16:43:50.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2142 (GCVE-0-2023-2142)
Vulnerability from nvd – Published: 2024-11-26 11:24 – Updated: 2024-11-27 16:19
VLAI?
Title
Nunjucks autoescape bypass leads to cross site scripting
Summary
In Nunjucks versions prior to version 3.2.4, it was
possible to bypass the restrictions which are provided by the autoescape
functionality. If there are two user-controlled parameters on the same
line used in the views, it was possible to inject cross site scripting
payloads using the backslash \ character.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
blaiddx64
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:nunjucks:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "nunjucks",
"vendor": "mozilla",
"versions": [
{
"lessThan": "3.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-2142",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T16:17:55.829952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T16:19:44.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Nunjucks",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "3.2.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "blaiddx64"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \u003ccode\u003e\\\u003c/code\u003e character.\u003c/p\u003e"
}
],
"value": "In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T11:24:15.422Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1825980"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Nunjucks autoescape bypass leads to cross site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2023-2142",
"datePublished": "2024-11-26T11:24:15.422Z",
"dateReserved": "2023-04-18T08:19:20.097Z",
"dateUpdated": "2024-11-27T16:19:44.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10547 (GCVE-0-2016-10547)
Vulnerability from nvd – Published: 2018-05-31 20:00 – Updated: 2024-09-16 16:43
VLAI?
Summary
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS) - Generic (CWE-79)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HackerOne | nunjucks node module |
Affected:
<=2.4.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:52.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mozilla/nunjucks/issues/835"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/matt-/nunjucks_test"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nunjucks node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "\u003c=2.4.2"
}
]
}
],
"datePublic": "2018-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=\u003cscript\u003ealert(1)\u003c/script\u003e`, it is possible to bypass autoescaping and inject content into the DOM."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Generic (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-31T19:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mozilla/nunjucks/issues/835"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matt-/nunjucks_test"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2016-10547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nunjucks node module",
"version": {
"version_data": [
{
"version_value": "\u003c=2.4.2"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=\u003cscript\u003ealert(1)\u003c/script\u003e`, it is possible to bypass autoescaping and inject content into the DOM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mozilla/nunjucks/issues/835",
"refsource": "MISC",
"url": "https://github.com/mozilla/nunjucks/issues/835"
},
{
"name": "https://nodesecurity.io/advisories/147",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/147"
},
{
"name": "https://github.com/matt-/nunjucks_test",
"refsource": "MISC",
"url": "https://github.com/matt-/nunjucks_test"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2016-10547",
"datePublished": "2018-05-31T20:00:00Z",
"dateReserved": "2017-10-29T00:00:00",
"dateUpdated": "2024-09-16T16:43:50.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}