Flaw in preprocessor language Less.js causes website to leak AWS secret keys.

12-July-21

Researchers have cautioned that a vulnerability in the popular preprocessor language Less.js may be used to accomplish remote code execution (RCE) against websites that enable users to enter Less.js code.

When the Less code is executed on the client side, it results in crosssite scripting (XSS), but when executed on the server side, it results in RCE.

Read More…