CVE-2016-3942: Template Injection

March 30, 2016

If JsRender is used with server-delivered client-side templates that dynamically embed end-user input, then it is possible for a malicious user to execute arbitrary client-side code via use of a very specific expression.

References

github.com/BorisMoore/jsrender/commit/f984e139deb0a7648d5b543860ec652c21f6dcf6

Code Behaviors & Features

Detect and mitigate CVE-2016-3942 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →