1 year ago

Is a https://thenewstack.io/cvss-struggles-to-remain-viable-in-the-era-of-cloud-native-computing/ score of 10.0 bad enough for you? These days with security holes appearing fast and furious it takes a truly exceptional security bug to catch my eye.

In case you’ve forgotten, a 10 has a potentially huge impact, and it’s a critical bug.

By using the template to force Nunjacks to run SecureTemplater.render function twice, an attack could break out of the sandbox.

But there was worse to come.