CVE-2022-21648
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/latte/latte
Identifiers
CVE-2022-21648, GHSA-36m2-8rhx-f36j
Package Slug
packagist/latte/latte
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Latte is an open source template engine for PHP. Users unable to upgrade should not accept template input from untrusted sources.
Affected Versions
All versions starting from 2.8.0 before 2.8.8, all versions starting from 2.9.0 before 2.9.6, all versions starting from 2.10.0 before 2.10.8
Solution
Upgrade to versions 2.8.8, 2.9.6, 2.10.8 or above.
Last Modified
2022-01-14
| source |