CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2142

In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash \ character.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.2%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2023-2142

Mozilla » Nunjucks » Version: 0.1.0

cpe:2.3:a:mozilla:nunjucks:0.1.0
Mozilla » Nunjucks » Version: 0.1.1

cpe:2.3:a:mozilla:nunjucks:0.1.1
Mozilla » Nunjucks » Version: 0.1.10

cpe:2.3:a:mozilla:nunjucks:0.1.10
Mozilla » Nunjucks » Version: 0.1.2

cpe:2.3:a:mozilla:nunjucks:0.1.2
Mozilla » Nunjucks » Version: 0.1.4

cpe:2.3:a:mozilla:nunjucks:0.1.4
Mozilla » Nunjucks » Version: 0.1.5

cpe:2.3:a:mozilla:nunjucks:0.1.5
Mozilla » Nunjucks » Version: 0.1.6

cpe:2.3:a:mozilla:nunjucks:0.1.6
Mozilla » Nunjucks » Version: 0.1.7

cpe:2.3:a:mozilla:nunjucks:0.1.7
Mozilla » Nunjucks » Version: 0.1.8

cpe:2.3:a:mozilla:nunjucks:0.1.8
Mozilla » Nunjucks » Version: 0.1.9

cpe:2.3:a:mozilla:nunjucks:0.1.9
Mozilla » Nunjucks » Version: 1.0.0

cpe:2.3:a:mozilla:nunjucks:1.0.0
Mozilla » Nunjucks » Version: 1.0.1

cpe:2.3:a:mozilla:nunjucks:1.0.1
Mozilla » Nunjucks » Version: 1.0.2

cpe:2.3:a:mozilla:nunjucks:1.0.2
Mozilla » Nunjucks » Version: 1.0.4

cpe:2.3:a:mozilla:nunjucks:1.0.4
Mozilla » Nunjucks » Version: 1.0.5

cpe:2.3:a:mozilla:nunjucks:1.0.5
Mozilla » Nunjucks » Version: 1.0.6

cpe:2.3:a:mozilla:nunjucks:1.0.6
Mozilla » Nunjucks » Version: 1.0.7

cpe:2.3:a:mozilla:nunjucks:1.0.7
Mozilla » Nunjucks » Version: 1.1.0

cpe:2.3:a:mozilla:nunjucks:1.1.0
Mozilla » Nunjucks » Version: 1.2.0

cpe:2.3:a:mozilla:nunjucks:1.2.0
Mozilla » Nunjucks » Version: 1.3.0

cpe:2.3:a:mozilla:nunjucks:1.3.0
Mozilla » Nunjucks » Version: 1.3.1

cpe:2.3:a:mozilla:nunjucks:1.3.1
Mozilla » Nunjucks » Version: 1.3.2

cpe:2.3:a:mozilla:nunjucks:1.3.2
Mozilla » Nunjucks » Version: 1.3.3

cpe:2.3:a:mozilla:nunjucks:1.3.3
Mozilla » Nunjucks » Version: 1.3.4

cpe:2.3:a:mozilla:nunjucks:1.3.4
Mozilla » Nunjucks » Version: 2.0.0

cpe:2.3:a:mozilla:nunjucks:2.0.0
Mozilla » Nunjucks » Version: 2.1.0

cpe:2.3:a:mozilla:nunjucks:2.1.0
Mozilla » Nunjucks » Version: 2.2.0

cpe:2.3:a:mozilla:nunjucks:2.2.0
Mozilla » Nunjucks » Version: 2.3.0

cpe:2.3:a:mozilla:nunjucks:2.3.0
Mozilla » Nunjucks » Version: 2.4.0

cpe:2.3:a:mozilla:nunjucks:2.4.0
Mozilla » Nunjucks » Version: 2.4.1

cpe:2.3:a:mozilla:nunjucks:2.4.1
Mozilla » Nunjucks » Version: 2.4.2

cpe:2.3:a:mozilla:nunjucks:2.4.2
Mozilla » Nunjucks » Version: 2.4.3

cpe:2.3:a:mozilla:nunjucks:2.4.3
Mozilla » Nunjucks » Version: 2.5.0

cpe:2.3:a:mozilla:nunjucks:2.5.0
Mozilla » Nunjucks » Version: 2.5.1

cpe:2.3:a:mozilla:nunjucks:2.5.1
Mozilla » Nunjucks » Version: 2.5.2

cpe:2.3:a:mozilla:nunjucks:2.5.2
Mozilla » Nunjucks » Version: 3.0.0

cpe:2.3:a:mozilla:nunjucks:3.0.0
Mozilla » Nunjucks » Version: 3.0.1

cpe:2.3:a:mozilla:nunjucks:3.0.1
Mozilla » Nunjucks » Version: 3.1.0

cpe:2.3:a:mozilla:nunjucks:3.1.0
Mozilla » Nunjucks » Version: 3.1.1

cpe:2.3:a:mozilla:nunjucks:3.1.1
Mozilla » Nunjucks » Version: 3.1.2

cpe:2.3:a:mozilla:nunjucks:3.1.2
Mozilla » Nunjucks » Version: 3.1.3

cpe:2.3:a:mozilla:nunjucks:3.1.3
Mozilla » Nunjucks » Version: 3.1.4

cpe:2.3:a:mozilla:nunjucks:3.1.4
Mozilla » Nunjucks » Version: 3.1.5

cpe:2.3:a:mozilla:nunjucks:3.1.5
Mozilla » Nunjucks » Version: 3.1.6

cpe:2.3:a:mozilla:nunjucks:3.1.6
Mozilla » Nunjucks » Version: 3.1.7

cpe:2.3:a:mozilla:nunjucks:3.1.7
Mozilla » Nunjucks » Version: 3.2.0

cpe:2.3:a:mozilla:nunjucks:3.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2142

Products

Pricing

Contact Us