CVE-2021-21353P2CRITICALCVSS 9.0fixed in 3.0.12021-03-03
CVE-2021-21353 [CRITICAL] CWE-74 CVE-2021-21353: Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on
ghsanvdosv