[GHSA-3965-hpx2-q597] Pug allows JavaScript code execution if an application accepts untrusted input #4467

davidrunger · 2024-05-28T15:07:12Z

Updates

Affected products

Comments
Patched in this PR: pugjs/pug#3438
which was released as pug 3.0.3 and pug-code-gen 3.0.3
as mentioned here https://github.com/pugjs/pug/releases/tag/pug%403.0.3
and as can be seen here https://diff.intrinsic.com/pug/3.0.2/3.0.3
and here https://diff.intrinsic.com/pug-code-gen/3.0.2/3.0.3

advisory-database · 2024-05-28T15:45:46Z

Hi @davidrunger! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!

Improve GHSA-3965-hpx2-q597

5ab8c98

github-actions bot changed the base branch from main to davidrunger/advisory-improvement-4467 May 28, 2024 15:08

advisory-database bot merged commit abc21dc into davidrunger/advisory-improvement-4467 May 28, 2024
2 checks passed

advisory-database bot deleted the davidrunger-GHSA-3965-hpx2-q597 branch May 28, 2024 15:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[GHSA-3965-hpx2-q597] Pug allows JavaScript code execution if an application accepts untrusted input #4467

[GHSA-3965-hpx2-q597] Pug allows JavaScript code execution if an application accepts untrusted input #4467

davidrunger commented May 28, 2024

advisory-database bot commented May 28, 2024

[GHSA-3965-hpx2-q597] Pug allows JavaScript code execution if an application accepts untrusted input #4467

[GHSA-3965-hpx2-q597] Pug allows JavaScript code execution if an application accepts untrusted input #4467

Conversation

davidrunger commented May 28, 2024

advisory-database bot commented May 28, 2024