← Back to CVE List
CVE-2023-2142
In Nunjucks versions prior to version 3.2.4, it was
possible to bypass the restrictions which are provided by the autoescape
functionality. If there are two user-controlled parameters on the same
line used in the views, it was possible to inject cross site scripting
payloads using the backslash \ character.
> MITRE Terms of Use apply – see LICENSE‑MITRE.txt