TEMP-0000000-137F0A

NameTEMP-0000000-137F0A
Descriptionquoteless attributes in templates can lead to content injection
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mustache.js (PTS)bullseye2.3.2-2vulnerable
sid, trixie, bookworm3.0.1-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mustache.jssource(unstable)(unfixed)unimportant

Notes

fixed in 2.2.1
https://github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5
https://nodesecurity.io/advisories/62
Security hardening, not a vulnerability
Search for package or bug name: Reporting problems