This is a security bug. The current version of nunjucks can be attacked by prototype pollution.
What I expected is `this is payload2 content is function(){ return global.process.mainModule.require('child_process').execSync('ls') }()`, but the function returns `this is payload2 content is main.js node_modules package.json yarn.lock`.

Closes #1330.
Environment
The sample code is as follows.