CVE-2024-38357: Custom Ast Raw Text Injection

Direct assignment of unvalidated attribute values to raw AST text nodes can lead to Cross-Site Scripting (XSS).

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0

greprules fetch cve-2024-38357-custom-ast-raw-text-injection --engine opengrep

Description

Direct assignment of unvalidated attribute values to raw AST text nodes can lead to Cross-Site Scripting (XSS).

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Quality signals: 146 downloads
0 direct146 via packs
· 0 stars · Quality score 77How quality works
Included packs: 2 packs

0 signals from signed-in users.