VDB
KO
MEDIUM 5.4

GHSA-5f38-9jw2-6r6h

Cross-site Scripting in teddy

Details

Teddy is a readable and easy to learn templating language. This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / teddy
Introduced in: 0 Fixed in: 0.5.9
Fix npm install teddy@0.5.9

References