Fluid Attacks Database

Description

Cross-site Scripting in curly-bracket-parser This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	curly-bracket-parser	>=0 <=1.0.2	1.0.3

Aliases

1. CVE-2021-234162. NVD-2021-234163. OSV-2021-234164. GCVE-2021-23416

References

1. https://github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js#23L312. https://github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js%23L31