Description
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.
Remediation
References
https://github.com/edge-js/edge/commit/fa2c7fde86327aeae232752e89a6e37e2e469e21
https://snyk.io/vuln/SNYK-JS-EDGEJS-1579556
Related Vulnerabilities
CVE-2020-26870 Vulnerability in maven package org.webjars.npm:dompurify
CVE-2011-5245 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs
CVE-2022-25852 Vulnerability in npm package pg-native
CVE-2022-41915 Vulnerability in maven package io.netty:netty-codec
CVE-2023-39151 Vulnerability in maven package org.jenkins-ci.main:jenkins-core