{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T20:40:46.780","vulnerabilities":[{"cve":{"id":"CVE-2024-45390","sourceIdentifier":"security-advisories@github.com","published":"2024-09-03T20:15:08.423","lastModified":"2024-09-12T20:15:15.673","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or don't use the display name feature."},{"lang":"es","value":"@blakeembrey/template es una librería de plantillas de cadenas. Antes de la versión 1.2.0, era posible inyectar y ejecutar código dentro de la plantilla si el atacante tenía acceso para escribir el nombre de la plantilla. La versión 1.2.0 contiene un parche. Como workaround, no pase una entrada que no sea de confianza como nombre para mostrar de la plantilla o no use la función de nombre para mostrar."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blakeembrey:template:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.2.0","matchCriteriaId":"2DEB203C-CE34-41AC-A98C-38B707AC7E8D"}]}]}],"references":[{"url":"https://github.com/blakeembrey/js-template/commit/b8d9aa999e464816c6cfb14acd1ad0f5d1e335aa","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/blakeembrey/js-template/security/advisories/GHSA-q765-wm9j-66qj","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}