/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2024-36361

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-36361

Severity

6.8

Medium

CVSS V3

Description

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.

References

Affected packages


Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing