PT-2023-19091 · Express+1

Nebrelbug · Published 2023-01-31 · Updated 2023-02-08 · CVE-2023-23630

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions: Eta versions prior to 2.0.0
Description: The issue is an XSS vulnerability that affects anyone using the Express API. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents in which this issue was exploited. The exploitation condition is passing user-supplied data directly to the res.render function.
Recommendations: For versions prior to 2.0.0, upgrade to version 2.0.0 to resolve the issue. As a temporary workaround, do not pass user-supplied data directly to res.render or res.renderFile.
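The workaround above ("do not pass user-supplied data directly to res.render") is easiest to apply, and to audit, when the options object handed to the engine is built by one function. The following is an added example, not code from the advisory or from the Eta project: it contrasts a handler that spreads the request body into the render options with one that copies only an explicit allowlist of template variables, and includes a helper that flags unexpected keys so existing res.render call sites can be checked. Express and Eta are not required to run it; the template-variable names, the fixed `title` key, and the constructed request body (including its placeholder `engineOption` key, which stands in for any engine configuration key and is not taken from the advisory) are assumptions made for the example.

```javascript
// Added example (not from the advisory or the Eta project).  The functions
// below only build the options object that an Express handler would pass to
// res.render(); no template engine is involved, so the file runs stand-alone.

// Variables the template legitimately needs.  Assumed for this example.
const ALLOWED_TEMPLATE_VARS = ["username", "message"];

// Vulnerable pattern: the parsed request body is spread straight into the
// render options, so every key the client chose to send reaches the engine.
// With Eta before 2.0.0 this is the condition the advisory warns about.
function buildRenderOptionsUnsafe(body) {
  return { title: "Profile", ...body };
}

// Hardened pattern: copy only the expected keys, coerce each to a string,
// and silently drop everything else the client sent.
function buildRenderOptionsSafe(body) {
  const options = { title: "Profile" };
  for (const key of ALLOWED_TEMPLATE_VARS) {
    // hasOwnProperty via the prototype so a body built with
    // Object.create(null) or with a forged "hasOwnProperty" key is handled.
    if (Object.prototype.hasOwnProperty.call(body, key)) {
      options[key] = String(body[key]);
    }
  }
  return options;
}

// Audit helper: return the keys of a render options object that are neither
// fixed by the application nor in the template allowlist.  Wire it into a
// unit test around each res.render call site; a non-empty result means
// client-controlled keys are reaching the engine.
function unexpectedRenderKeys(options, fixedKeys = ["title"]) {
  const known = new Set([...fixedKeys, ...ALLOWED_TEMPLATE_VARS]);
  return Object.keys(options).filter((k) => !known.has(k));
}

// Constructed request body: two legitimate fields plus two extra keys a
// client could add to a JSON POST.  "engineOption" is a placeholder name
// for any engine configuration key; "views" is just a second stray key.
const sampleBody = {
  username: "alice",
  message: "hello",
  engineOption: "client-chosen value",
  views: "client-chosen value",
};

// Run both builders over the sample body and report what leaks through.
function demo() {
  const unsafe = buildRenderOptionsUnsafe(sampleBody);
  const safe = buildRenderOptionsSafe(sampleBody);
  return {
    unsafeLeaks: unexpectedRenderKeys(unsafe), // ["engineOption", "views"]
    safeLeaks: unexpectedRenderKeys(safe),     // []
  };
}

console.log(demo());
```

In a real handler the safe builder is used as `res.render("profile", buildRenderOptionsSafe(req.body))`; the point is that the engine never sees a key the application did not name, which is what the 2.0.0 fix and the workaround both aim at.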

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-23630
GHSA-XRH7-M5PP-39R6

Affected Products

Eta
Express