CVE-2021-23443

Cross-site Scripting in npm/edge.js

Identifier

CVE-2021-23443

Package Slug

npm/edge.js

Vulnerability

Cross-site Scripting

Description

A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.

Affected Versions

All versions before 5.3.2

Solution

Upgrade to version 5.3.2 or above.

Last Modified

2021-10-01

source