Moderate severityNVD Advisory· Published Sep 21, 2021· Updated Sep 16, 2024
Cross-site Scripting (XSS)
CVE-2021-23443
Description
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
edge.jsnpm | < 5.3.2 | 5.3.2 |
Affected products
2- edge.js/edge.jsdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-55r9-7mf8-m382ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23443ghsaADVISORY
- github.com/edge-js/edge/commit/fa2c7fde86327aeae232752e89a6e37e2e469e21ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-EDGEJS-1579556ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.