← All advisories

Moderate severityNVD Advisory· Published Aug 18, 2021· Updated Aug 4, 2024

CVE-2021-39286

CVE-2021-39286

Description

Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pywbPyPI	< 2.6.0	2.6.0

Affected products

2

Webrecorder/pywbdescription
ghsa-coords
pkg:pypi/pywb
Range: < 2.6.0

Patches

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

github.com/advisories/GHSA-947x-pv47-pp3qghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-39286ghsaADVISORY
github.com/pypa/advisory-database/tree/main/vulns/pywb/PYSEC-2021-120.yamlghsaWEB
github.com/webrecorder/pywb/commit/f7bd84cdacdd665ff73ae8d09a202f60be2ebae9ghsax_refsource_MISCWEB
github.com/webrecorder/pywb/compare/v-2.5.0...v-2.6.0ghsax_refsource_MISCWEB

News mentions

0

No linked articles in our index yet.