This affects all versions of package curly-bracket-parser.
When used as a template library, it does not properly sanitize the user input.
CPE | Name | Operator | Version |
---|---|---|---|
curly-bracket-parser | le | 1.0.2 |
github.com/magynhard/curly-bracket-parser
github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js#23L31
github.com/magynhard/curly-bracket-parser/blob/master/src/curly-bracket-parser/curly-bracket-parser.js%23L31
nvd.nist.gov/vuln/detail/CVE-2021-23416
snyk.io/vuln/SNYK-JS-CURLYBRACKETPARSER-1297106