A content injection vulnerability was found in mustache templates, caused by not using quotes around the attributes in templates. External reference: https://nodesecurity.io/advisories/62 Upstream patch: https://github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5
Created nodejs-mustache tracking bugs for this issue: Affects: fedora-all [bug 1295756]
*** This bug has been marked as a duplicate of bug 1291742 ***