Incomplete Filtering of Special Elements
CVE-2020-36827
Summary
The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- LOW
- LOW
- NONE
CWE-791 - Incomplete Filtering of Special Elements
The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
References
Advisory Timeline
- Published
