CVE-2024-36361
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-36361
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36361.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-36361
- Aliases
- Related
- Withdrawn
- 2024-05-24T06:04:19Z
- Published
- 2024-05-24T06:15:08Z
- Modified
- 2024-10-08T04:14:38.268728Z
- Summary
- [none]
- Details
-
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.
- References
Affected packages
Git / github.com/pugjs/pug
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pugjs/pug
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
0.*
0.0.2
0.1.0
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4
0.10.5
0.10.6
0.10.7
0.11.0
0.11.1
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.13.0
0.14.0
0.14.1
0.14.2
0.15.0
0.15.1
0.15.2
0.15.3
0.15.4
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.17.0
0.18.0
0.19.0
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.20.0
0.20.1
0.20.2
0.20.3
0.21.0
0.22.0
0.22.1
0.23.0
0.24.0
0.25.0
0.26.0
0.26.1
0.26.2
0.26.3
0.27.0
0.27.1
0.27.2
0.27.3
0.27.4
0.27.5
0.27.6
0.27.7
0.28.0
0.28.1
0.28.2
0.29.0
0.3.0
0.30.0
0.31.0
0.31.1
0.31.2
0.32.0
0.33.0
0.34.0
0.34.1
0.35.0
0.4.0
0.4.1
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.6.0
0.6.2
0.6.3
0.7.0
0.7.1
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
0.9.0
0.9.1
0.9.2
0.9.3
1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.10.0
1.11.0
1.2.0
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.5.0
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0
1.9.1
1.9.2
2.*
2.0.0-alpha6
2.0.0-alpha7
2.0.0-alpha8
2.0.0-beta1
2.0.0-beta2
2.0.0-beta3
2.0.0-beta4
2.0.0-beta5
2.0.0-beta6
pug-attrs@2.*
pug-attrs@2.0.2
pug-attrs@2.0.3
pug-attrs@2.0.4
pug-attrs@3.*
pug-attrs@3.0.0
pug-code-gen@1.*
pug-code-gen@1.1.1
pug-code-gen@2.*
pug-code-gen@2.0.0
pug-code-gen@2.0.1
pug-code-gen@2.0.2
pug-code-gen@3.*
pug-code-gen@3.0.0
pug-code-gen@3.0.1
pug-code-gen@3.0.2
pug-error@1.*
pug-error@1.3.2
pug-error@1.3.3
pug-error@2.*
pug-error@2.0.0
pug-filters@2.*
pug-filters@2.0.0
pug-filters@2.1.0
pug-filters@2.1.1
pug-filters@2.1.2
pug-filters@2.1.3
pug-filters@2.1.4
pug-filters@2.1.5
pug-filters@3.*
pug-filters@3.0.0
pug-filters@3.0.1
pug-filters@3.0.2
pug-filters@3.1.0
pug-filters@3.1.1
pug-filters@4.*
pug-filters@4.0.0
pug-lexer@2.*
pug-lexer@2.3.1
pug-lexer@2.3.2
pug-lexer@3.*
pug-lexer@3.0.0
pug-lexer@3.1.0
pug-lexer@4.*
pug-lexer@4.0.0
pug-lexer@4.1.0
pug-lexer@5.*
pug-lexer@5.0.0
pug-lexer@5.0.1
pug-linker@1.*
pug-linker@1.0.2
pug-linker@2.*
pug-linker@2.0.0
pug-linker@2.0.1
pug-linker@2.0.2
pug-linker@2.0.3
pug-linker@3.*
pug-linker@3.0.0
pug-linker@3.0.1
pug-linker@3.0.2
pug-linker@3.0.3
pug-linker@3.0.4
pug-linker@3.0.5
pug-linker@3.0.6
pug-linker@4.*
pug-linker@4.0.0
pug-load@2.*
pug-load@2.0.10
pug-load@2.0.11
pug-load@2.0.12
pug-load@2.0.4
pug-load@2.0.5
pug-load@2.0.6
pug-load@2.0.7
pug-load@2.0.8
pug-load@2.0.9
pug-load@3.*
pug-load@3.0.0
pug-parser@2.*
pug-parser@2.0.2
pug-parser@3.*
pug-parser@3.0.0
pug-parser@3.0.1
pug-parser@4.*
pug-parser@4.0.0
pug-parser@4.0.1
pug-parser@5.*
pug-parser@5.0.0
pug-parser@5.0.1
pug-parser@6.*
pug-parser@6.0.0
pug-runtime@2.*
pug-runtime@2.0.3
pug-runtime@2.0.4
pug-runtime@2.0.5
pug-runtime@3.*
pug-runtime@3.0.0
pug-runtime@3.0.1
pug-strip-comments@1.*
pug-strip-comments@1.0.2
pug-strip-comments@1.0.3
pug-strip-comments@1.0.4
pug-strip-comments@2.*
pug-strip-comments@2.0.0
pug-walk@1.*
pug-walk@1.1.0
pug-walk@1.1.1
pug-walk@1.1.2
pug-walk@1.1.3
pug-walk@1.1.4
pug-walk@1.1.5
pug-walk@1.1.6
pug-walk@1.1.7
pug-walk@1.1.8
pug-walk@2.*
pug-walk@2.0.0
pug@2.*
pug@2.0.0
pug@2.0.0-beta.12
pug@2.0.0-beta10
pug@2.0.0-beta11
pug@2.0.0-beta7
pug@2.0.0-beta8
pug@2.0.0-beta9
pug@2.0.0-rc.1
pug@2.0.0-rc.2
pug@2.0.0-rc.3
pug@2.0.0-rc.4
pug@2.0.1
pug@2.0.2
pug@2.0.3
pug@2.0.4
pug@3.*
pug@3.0.0
pug@3.0.1
pug@3.0.2