← voltar
CVE-2021-23824

Content Injection

CVSS 6.5 MEDIUMEPSS 0.9%
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Produtos afetados
n/a · Crow

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/CrowCpp/Crow/pull/317https://github.com/CrowCpp/Crow/releases/tag/v0.3%2B4https://snyk.io/vuln/SNYK-UNMANAGED-CROW-2336164