mustache-js-rails 1.0.0
1 security vulnerability
found in version
1.0.0
mustache.js - quoteless attributes in templates can lead to XSS
high severity OSVDB-131671
high severity
OSVDB-131671
Patched versions:
>= 2.0.3
The upstream 'mustache.js' node.js module was found to not properly escape backtick (`) and equals (=) characters, leading to possible content injection via attributes in templates.
Example:
- Template:
- Input: { 'foo' : 'test.com onload=alert(1)'}
- Rendered result:
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.