Backslash Vulnerability Database Improper Neutralization of Special Elements Used in a Template Engine

Improper Neutralization of Special Elements Used in a Template Engine

CWE-1336

Overtime trend (NVD)

CVSS severity (NVD, All Time)

Per technology (GHSA, All time)

  • 53%-Composer
  • 40%-Pip
  • 6%-Maven

Short description

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

Extended description

Best practices to prevent this CWE

  • LinkedIn Icon
  • Facebook Icon
  • X Icon
  • Link Icon