Flaw in preprocessor language Less.js causes website to leak AWS secret keys.

July 12, 2021

Researchers have warned that a vulnerability in the popular preprocessor language Less.js may be used to achieve remote code execution (RCE) against websites that allow users to enter Less.js code.

When the Less code is executed on the client side, it results in cross-site scripting (XSS), but when executed on the server side, it results in RCE.