[HA_twck]

It is found inside of the in-browser Vue template compiler which is shipped inside the “full build” of Vue. The in-browser Vue template compiler is responsible for creating a string of code to be executed so that component templates like “<div>{{ variables }}</div>” can be parsed and turned into render functions. These render functions are then executed by Vue when it evaluates the render functions within a stringified eval statement, thus allowing a third-party script to run arbitrary code.

CVE:CVE-2024-6783
Affected: vue-template-compiler>= 2.0.0 < 3.0.0 on Vue 2
Critical: Medium-severity level

POC:

Hidden Content

You must register or login to view this content.

PS: I dont own source; only sharing for those who need.

[qian30090]

Thanks, I'll see what's going on.

[lolobob11]

thanksssssss for sharing

[salv]

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[takahash1]

thanks for sharing, let me check it out

[adler]

tnxxxxx for sharing, let me check it out