VYPR

Pug

by Putty

npm: pug

Source repositories

CVEs (2)

  • CVE-2024-36361MedMay 24, 2024
    risk 0.37cvss 6.8epss 0.00

    Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and…

  • CVE-2021-21353Mar 3, 2021
    risk 0.00cvss epss 0.04

    Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug…