{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2142", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2023-04-18T08:19:20.097Z", "datePublished": "2024-11-26T11:24:15.422Z", "dateUpdated": "2024-11-27T16:19:44.548Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "Nunjucks", "vendor": "Mozilla", "versions": [{"lessThan": "3.2.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "blaiddx64"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash <code>\\</code> character.</p>"}], "value": "In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-11-26T11:24:15.422Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1825980"}, {"tags": ["vendor-advisory"], "url": "https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw"}], "source": {"discovery": "UNKNOWN"}, "title": "Nunjucks autoescape bypass leads to cross site scripting", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "mozilla", "product": "nunjucks", "cpes": ["cpe:2.3:a:mozilla:nunjucks:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "3.2.4", "versionType": "semver"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-27T16:17:55.829952Z", "id": "CVE-2023-2142", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T16:19:44.548Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-2142", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-27T16:17:55.829952Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mozilla:nunjucks:*:*:*:*:*:*:*:*"], "vendor": "mozilla", "product": "nunjucks", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.4", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-27T16:19:37.787Z"}}], "cna": {"title": "Nunjucks autoescape bypass leads to cross site scripting", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "blaiddx64"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "Mozilla", "product": "Nunjucks", "versions": [{"status": "affected", "version": "0", "lessThan": "3.2.4", "versionType": "semver"}], "defaultStatus": "unknown"}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1825980", "tags": ["issue-tracking"]}, {"url": "https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character.", "supportingMedia": [{"type": "text/html", "value": "<p>In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash <code>\\</code> character.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2024-11-26T11:24:15.422Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2142", "state": "PUBLISHED", "dateUpdated": "2024-11-27T16:19:44.548Z", "dateReserved": "2023-04-18T08:19:20.097Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2024-11-26T11:24:15.422Z", "assignerShortName": "mozilla"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character."}, {"lang": "es", "value": "En las versiones de Nunjucks anteriores a la versi\u00f3n 3.2.4, era posible eludir las restricciones que proporciona la funci\u00f3n de escape autom\u00e1tico. Si hay dos par\u00e1metros controlados por el usuario en la misma l\u00ednea utilizada en las vistas, era posible inyectar payloads de cross-site scripting utilizando el car\u00e1cter de barra invertida \\."}], "id": "CVE-2023-2142", "lastModified": "2024-11-27T17:15:05.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-26T12:15:18.307", "references": [{"source": "security@mozilla.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1825980"}, {"source": "security@mozilla.org", "url": "https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@mozilla.org", "type": "Secondary"}]}

{"bugzilla": {"description": "Nunjucks: Nunjucks autoescape bypass leads to cross site scripting", "id": "2328903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328903"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\nfunctionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character.", "A flaw was found in Nunjucks versions prior to 3.2.4. This vulnerability can allow attackers to inject cross-site scripting (XSS) payloads via bypassing autoescape functionality by using a backslash (\\) character when two user-controlled parameters are on the same line in the views."], "name": "CVE-2023-2142", "package_state": [{"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-hub-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}], "public_date": "2024-11-26T11:24:15Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-2142\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2142\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1825980\nhttps://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw"], "threat_severity": "Moderate"}