CVE-2024-45390

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Sep 3, 2024
CWE ID 94

Summary

CVE-2024-45390 is a code injection vulnerability in @blakeembrey/template, a string template library. In versions prior to 1.2.0, an attacker who can write the template name can inject code. Affected products include various implementations using this library, and the issue has been patched in version 1.2.0. To mitigate the risk, it is advised not to pass untrusted input as the template display name, or to avoid using the display name feature altogether. The vulnerability has a high base severity score of 7.3 with low integrity and confidentiality impact, but it is potentially dangerous because it can be exploited over a network with no user interaction required. Further details are available through GitHub's security advisories and commit documentation.
