PT-2022-9428 · Crow · Crow

Published 2022-01-13 · Updated 2022-01-19 · CVE-2021-23824

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Crow versions prior to 0.3+4
Description: The issue affects the Crow package when attribute values in a template are rendered without surrounding quotes. Because an unquoted attribute value ends at the first whitespace, an attacker who controls the interpolated input can introduce additional attributes into the element, potentially executing script, which may lead to a Cross-site Scripting (XSS) vulnerability. If the template is used to render user-generated content, this may escalate to a persistent (stored) XSS vulnerability.
Recommendations: For Crow versions prior to 0.3+4, quote attribute values in templates so that interpolated input cannot introduce additional attributes. As a temporary workaround, restrict the use of user-generated content in templates until a patch is available, and avoid using templates to render untrusted input until the issue is resolved.
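The following is an added example, not Crow's own code: a small lint that scans a mustache-style template for variables rendered as unquoted attribute values, the pattern this advisory describes. It assumes `{{name}}` denotes an HTML-escaping interpolation and that the escape set covers `& < > " '`; the escape helper is included only to show that whitespace survives escaping, which is why quoting the attribute matters.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Escape the characters an HTML-escaping {{var}} interpolation replaces
// (assumed escape set). Whitespace is not escaped, so an escaped value
// can still terminate an unquoted attribute and start a new one.
std::string html_escape(const std::string& s) {
    std::string out;
    for (char c : s) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Return the names of {{variables}} that directly follow '=' inside a tag,
// i.e. attribute values that are not wrapped in quotes.
std::vector<std::string> find_unquoted_attr_vars(const std::string& tpl) {
    std::vector<std::string> hits;
    bool in_tag = false;
    for (size_t i = 0; i < tpl.size(); ++i) {
        char c = tpl[i];
        if (c == '<') { in_tag = true; continue; }
        if (c == '>') { in_tag = false; continue; }
        if (!in_tag || c != '=' || tpl.compare(i + 1, 2, "{{") != 0) continue;
        size_t start = i + 3;
        size_t end = tpl.find("}}", start);
        if (end == std::string::npos) break;
        std::string name = tpl.substr(start, end - start);
        // Strip a third brace ({{{var}}}) and surrounding whitespace.
        size_t b = 0, e = name.size();
        while (b < e && (name[b] == '{' || std::isspace((unsigned char)name[b]))) ++b;
        while (e > b && (name[e - 1] == '}' || std::isspace((unsigned char)name[e - 1]))) --e;
        hits.push_back(name.substr(b, e - b));
        i = end + 1;
    }
    return hits;
}
```

Run the lint over a project's template files during review or in CI; any reported name is an attribute that should be quoted in the template.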

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-23824
SNYK-UNMANAGED-CROW-2336164

Affected Products

Crow