CVE-2024-36361

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers.

Related Vulnerabilities

CVE-2017-3753

MEDIUM
CVSS:6.8(Medium)

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with adm...

CWE-942017

CVE-2019-8900

MEDIUM
CVSS:6.8(Medium)

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary c...

CWE-942019

CVE-2021-3615

MEDIUM
CVSS:6.8(Medium)

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262...

CWE-942021

CVE-2021-38745

MEDIUM
CVSS:6.8(Medium)

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through ...

CWE-942021

CVE-2022-41223

MEDIUM
CVSS:6.8(Medium)

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restriction...

CWE-942022

CVE-2022-43486

MEDIUM
CVSS:6.8(Medium)

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command o...

CWE-942022