Vapor: >> Leafkit >> 1.14.1 Security Vulnerabilities
LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection (Array / Dictionary) via `#(value)`. This can result in XSS, allowing potentially untrusted input to be rendered unescaped. Version 1.14.2 fixes the issue.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-18