CVE-2022-21648: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

January 4, 2022 (updated January 13, 2022)

Latte is an open source template engine for PHP. Users unable to upgrade should not accept template input from untrusted sources.

References

github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0
github.com/nette/latte/security/advisories/GHSA-36m2-8rhx-f36j
nvd.nist.gov/vuln/detail/CVE-2022-21648

Detect and mitigate CVE-2022-21648 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →