CVE-2024-22199

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-22199
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22199.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-22199
Aliases
Related
Published
2024-01-11T18:15:45Z
Modified
2025-01-08T15:48:12.641726Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

This package provides universal methods for using multiple template engines with the Fiber web framework through the Views interface. The vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when they visit affected web pages. The vulnerability has been addressed: the template engine now defaults to having autoescape set to true, effectively mitigating the risk of XSS attacks.

References

Affected packages

Git / github.com/gofiber/template

Affected ranges

Type
GIT
Repo
https://github.com/gofiber/template
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

ace/v2.*

ace/v2.0.0
ace/v2.1.0
ace/v2.1.1
ace/v2.1.2
ace/v2.1.3
ace/v2.1.4
ace/v2.1.5

amber/v2.*

amber/v2.0.0
amber/v2.1.0
amber/v2.1.1
amber/v2.1.2
amber/v2.1.3
amber/v2.1.4
amber/v2.1.5

django/v2.*

django/v2.0.0

django/v3.*

django/v3.0.0
django/v3.1.0
django/v3.1.1
django/v3.1.2
django/v3.1.3
django/v3.1.4
django/v3.1.5
django/v3.1.6
django/v3.1.7
django/v3.1.8

handlebars/v2.*

handlebars/v2.0.0
handlebars/v2.1.0
handlebars/v2.1.1
handlebars/v2.1.2
handlebars/v2.1.3
handlebars/v2.1.4
handlebars/v2.1.5
handlebars/v2.1.6
handlebars/v2.1.7

html/v2.*

html/v2.0.0
html/v2.0.1
html/v2.0.2
html/v2.0.3
html/v2.0.4
html/v2.0.5
html/v2.1.0

jet/v2.*

jet/v2.0.0
jet/v2.1.0
jet/v2.1.1
jet/v2.1.2
jet/v2.1.3
jet/v2.1.4
jet/v2.1.5
jet/v2.1.6
jet/v2.1.7

mustache/v2.*

mustache/v2.0.0
mustache/v2.0.1
mustache/v2.0.2
mustache/v2.0.3
mustache/v2.0.4
mustache/v2.0.5
mustache/v2.0.6
mustache/v2.0.7
mustache/v2.0.8

pug/v2.*

pug/v2.0.0
pug/v2.1.0
pug/v2.1.1
pug/v2.1.2
pug/v2.1.3
pug/v2.1.4
pug/v2.1.5

slim/v2.*

slim/v2.0.0
slim/v2.1.0
slim/v2.1.1
slim/v2.1.2
slim/v2.1.3
slim/v2.1.4
slim/v2.1.5

v0.*

v0.0.1

v1.*

v1.0.0
v1.1.0
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.6.0
v1.6.1
v1.6.10
v1.6.11
v1.6.12
v1.6.13
v1.6.14
v1.6.15
v1.6.16
v1.6.17
v1.6.18
v1.6.19
v1.6.2
v1.6.20
v1.6.21
v1.6.22
v1.6.23
v1.6.24
v1.6.25
v1.6.26
v1.6.27
v1.6.28
v1.6.29
v1.6.3
v1.6.30
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.8.0
v1.8.1
v1.8.2