GMS-2014-12: XSS vulnerability due to improper value escaping

July 2, 2014

The library does not properly escape attribute values making XSS exploits possible.

References

github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5
github.com/janl/mustache.js/pull/388
github.com/knapo/mustache-js-rails/commit/0c79aec192b9b4a8491cdc3398bf6e4db535432b

Code Behaviors & Features

Detect and mitigate GMS-2014-12 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →