Medium severity6.5NVD Advisory· Published Jan 13, 2022· Updated Jun 17, 2026
CVE-2021-23824
CVE-2021-23824
Description
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Crow/Crowdescription
Patches
Vulnerability mechanics
References
3- github.com/CrowCpp/Crow/pull/317nvdIssue TrackingPatchThird Party Advisory
- snyk.io/vuln/SNYK-UNMANAGED-CROW-2336164nvdExploitThird Party Advisory
- github.com/CrowCpp/Crow/releases/tag/v0.3%2B4nvdRelease NotesThird Party Advisory
News mentions
0No linked articles in our index yet.