CVE-2016-1000230 — XSS in client rendered block templates in rendr

描述

Affected versions of `rendr` are vulnerable to cross-site scripting when client side rendering is done inside a `_block`. Server side rendering is not affected and is properly escaped. ## Recommendation Update to version 1.1.4 or later.

如何修補 CVE-2016-1000230

要修補 CVE-2016-1000230,請將受影響套件升級到下列已修補版本。

npm/rendr—升級至 1.1.4 或更新版本

CVE-2016-1000230 正在被利用嗎?

目前沒有被利用訊號。CVE-2016-1000230 既不在 CISA KEV 也沒有最新的 EPSS 分數。

受影響套件(1)

from 0, < 1.1.4

參考連結(5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2016-1000230
PATCHgithub.com/rendrjs/rendr-handlebars
WEBgithub.com/rendrjs/rendr-handlebars/pull/61
WEBgithub.com/rendrjs/rendr/pull/513
WEBwww.npmjs.com/advisories/128