CVE-2026-28499

Sažetak

LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection (Array / Dictionary) via `#(value)`. This can result in XSS, allowing potentially untrusted input to be rendered unescaped. Version 1.14.2 fixes the issue.

Reference

https://github.com/vapor/leaf-kit/commit/6044b844caa858a0c5f2505ac166f5a057c990dc
https://github.com/vapor/leaf-kit/releases/tag/1.14.2
https://github.com/vapor/leaf-kit/security/advisories/GHSA-6jj5-j4j8-8473

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

18-03-2026 - 02:16

Objavljeno

18-03-2026 - 02:16