CVE-2021-39286

Name of the Vulnerable Software and Affected Versions pywb versions prior to 2.6.0

Description The issue arises because pywb does not ensure that Jinja2 templates are autoescaped, leading to a potential XSS attack. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of Jinja2 templates until a patch is available. Restrict access to potentially vulnerable endpoints to minimize the risk of exploitation.