Vulnerability Details CVE-2021-23416
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 4.3
References
- https://github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js%23L31
- https://snyk.io/vuln/SNYK-JS-CURLYBRACKETPARSER-1297106
- https://github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js%23L31
- https://snyk.io/vuln/SNYK-JS-CURLYBRACKETPARSER-1297106
Products affected by CVE-2021-23416
-
cpe:2.3:a:curly-bracket-parser_project:curly-bracket-parser:0.0.1
-
cpe:2.3:a:curly-bracket-parser_project:curly-bracket-parser:1.0.0
-
cpe:2.3:a:curly-bracket-parser_project:curly-bracket-parser:1.0.1
-
cpe:2.3:a:curly-bracket-parser_project:curly-bracket-parser:1.0.2