{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T17:47:45.961","vulnerabilities":[{"cve":{"id":"CVE-2023-2142","sourceIdentifier":"security@mozilla.org","published":"2024-11-26T12:15:18.307","lastModified":"2025-06-24T16:42:52.533","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Nunjucks versions prior to version 3.2.4, it was \npossible to bypass the restrictions which are provided by the autoescape\n functionality. If there are two user-controlled parameters on the same \nline used in the views, it was possible to inject cross site scripting \npayloads using the backslash \\ character."},{"lang":"es","value":"En las versiones de Nunjucks anteriores a la versión 3.2.4, era posible eludir las restricciones que proporciona la función de escape automático. Si hay dos parámetros controlados por el usuario en la misma línea utilizada en las vistas, era posible inyectar payloads de cross-site scripting utilizando el carácter de barra invertida \\."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security@mozilla.org","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mozilla:nunjucks:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.4","matchCriteriaId":"AEEE5C7E-56D7-4DB4-A58B-4AC206EDA1D3"}]}]}],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1825980","source":"security@mozilla.org","tags":["Issue Tracking","Permissions Required"]},{"url":"https://github.com/mozilla/nunjucks/security/advisories/GHSA-x77j-w7wf-fjmw","source":"security@mozilla.org","tags":["Vendor Advisory"]}]}}]}