CWE-1336
AllowedImproper Neutralization of Special Elements Used in a Template Engine
Abstraction: Base · Status: Incomplete
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
313 vulnerabilities reference this CWE, most recent first.
GHSA-7FXV-8WR2-MFC4
Vulnerability from github – Published: 2026-05-11 16:15 – Updated: 2026-06-09 02:00Impact
A malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner.
The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC provisioning and cleanup operations. However, the template is not sufficiently validated before use. Security-sensitive fields such as securityContext.privileged, hostPath volumes, and Linux capabilities can be injected into the template.
Example malicious HelperPod template:
apiVersion: v1
kind: Pod
metadata:
name: helper-pod
spec:
containers:
- name: helper-pod
image: docker.io/kindest/local-path-helper:v20230510-486859a6
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
volumeMounts:
- name: host-root
mountPath: /host
volumes:
- name: host-root
hostPath:
path: /
type: Directory
When a PVC operation triggers HelperPod creation, the provisioner creates the HelperPod using the attacker-controlled template. This can result in a privileged pod running on the target node with the host root filesystem mounted.
This may allow the attacker to access sensitive host files, read ServiceAccount tokens from other pods on the same node, access other tenants' local-path volume data, or modify files on the host node.
Expected Behavior:
- The HelperPod template should not allow privileged containers.
- The HelperPod template should not allow arbitrary
hostPathmounts. - Security-sensitive fields in
helperPod.yamlshould be validated or rejected before the provisioner creates HelperPods.
Patches
This vulnerability is addressed by validating the HelperPod template loaded from the local-path-config ConfigMap before it is used to create HelperPods.
The fix ensures that unsafe fields such as privileged security contexts, hostPath volumes, and other dangerous pod security settings are rejected. This prevents an attacker with ConfigMap edit permission from injecting a malicious HelperPod template that grants access to the host node.
Previously, a malicious user could modify helperPod.yaml to cause the provisioner to create a privileged HelperPod with the host root filesystem mounted, potentially leading to node-level compromise and ServiceAccount token theft.
With this fix, HelperPod templates containing unsafe security-sensitive fields are denied, and only safe HelperPod configurations are accepted.
Patched versions of local-path-provisioner include releases v0.0.34 and later.
No patches are provided for earlier releases, as they do not include the necessary HelperPod template validation logic.
Workarounds
Users should upgrade to a patched version of local-path-provisioner to fully mitigate this vulnerability.
As a temporary mitigation, users can restrict write access to the local-path-config ConfigMap in the local-path-storage namespace. Only trusted administrators should be allowed to update this ConfigMap.
Users may also mark the ConfigMap as immutable after deployment:
kubectl -n local-path-storage patch configmap local-path-config \
--type merge -p '{"immutable": true}'
Additionally, enabling Kubernetes Pod Security Admission for the local-path-storage namespace can provide defense in depth. For example, enforcing the baseline policy can prevent privileged HelperPods from being created even if the template is modified:
kubectl label namespace local-path-storage \
pod-security.kubernetes.io/enforce=baseline \
pod-security.kubernetes.io/warn=restricted
These mitigations reduce the risk of exploitation, but upgrading to a patched release is required to fully address the issue.
References
If you have any questions or comments about this advisory:
- Contact the SUSE Rancher Security team for security related inquiries.
- Open an issue in the Rancher repository.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/rancher/local-path-provisioner"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.36"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44543"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-269"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T16:15:48Z",
"nvd_published_at": "2026-05-28T17:16:30Z",
"severity": "HIGH"
},
"details": "### Impact\n\nA malicious user with permission to edit the `local-path-config` ConfigMap in the `local-path-storage` namespace can manipulate the `helperPod.yaml` template used by `rancher/local-path-provisioner`.\n\nThe `helperPod.yaml` template is loaded by the provisioner and used to create HelperPods during PVC provisioning and cleanup operations. However, the template is not sufficiently validated before use. Security-sensitive fields such as `securityContext.privileged`, `hostPath` volumes, and Linux capabilities can be injected into the template.\n\nExample malicious HelperPod template:\n\n~~~yaml\napiVersion: v1\nkind: Pod\nmetadata:\n name: helper-pod\nspec:\n containers:\n - name: helper-pod\n image: docker.io/kindest/local-path-helper:v20230510-486859a6\n imagePullPolicy: IfNotPresent\n securityContext:\n privileged: true\n volumeMounts:\n - name: host-root\n mountPath: /host\n volumes:\n - name: host-root\n hostPath:\n path: /\n type: Directory\n~~~\n\nWhen a PVC operation triggers HelperPod creation, the provisioner creates the HelperPod using the attacker-controlled template. This can result in a privileged pod running on the target node with the host root filesystem mounted.\n\nThis may allow the attacker to access sensitive host files, read ServiceAccount tokens from other pods on the same node, access other tenants\u0027 local-path volume data, or modify files on the host node.\n\nExpected Behavior:\n\n- The HelperPod template should not allow privileged containers.\n- The HelperPod template should not allow arbitrary `hostPath` mounts.\n- Security-sensitive fields in `helperPod.yaml` should be validated or rejected before the provisioner creates HelperPods.\n\n### Patches\n\nThis vulnerability is addressed by validating the HelperPod template loaded from the `local-path-config` ConfigMap before it is used to create HelperPods.\n\nThe fix ensures that unsafe fields such as privileged security contexts, hostPath volumes, and other dangerous pod security settings are rejected. This prevents an attacker with ConfigMap edit permission from injecting a malicious HelperPod template that grants access to the host node.\n\nPreviously, a malicious user could modify `helperPod.yaml` to cause the provisioner to create a privileged HelperPod with the host root filesystem mounted, potentially leading to node-level compromise and ServiceAccount token theft.\n\nWith this fix, HelperPod templates containing unsafe security-sensitive fields are denied, and only safe HelperPod configurations are accepted.\n\nPatched versions of local-path-provisioner include releases v0.0.34 and later.\n\nNo patches are provided for earlier releases, as they do not include the necessary HelperPod template validation logic.\n\n### Workarounds\n\nUsers should upgrade to a patched version of local-path-provisioner to fully mitigate this vulnerability.\n\nAs a temporary mitigation, users can restrict write access to the `local-path-config` ConfigMap in the `local-path-storage` namespace. Only trusted administrators should be allowed to update this ConfigMap.\n\nUsers may also mark the ConfigMap as immutable after deployment:\n\n~~~bash\nkubectl -n local-path-storage patch configmap local-path-config \\\n --type merge -p \u0027{\"immutable\": true}\u0027\n~~~\n\nAdditionally, enabling Kubernetes Pod Security Admission for the `local-path-storage` namespace can provide defense in depth. For example, enforcing the `baseline` policy can prevent privileged HelperPods from being created even if the template is modified:\n\n~~~bash\nkubectl label namespace local-path-storage \\\n pod-security.kubernetes.io/enforce=baseline \\\n pod-security.kubernetes.io/warn=restricted\n~~~\n\nThese mitigations reduce the risk of exploitation, but upgrading to a patched release is required to fully address the issue.\n\n### References\n\nIf you have any questions or comments about this advisory:\n\n- Contact the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.\n- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.",
"id": "GHSA-7fxv-8wr2-mfc4",
"modified": "2026-06-09T02:00:33Z",
"published": "2026-05-11T16:15:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rancher/local-path-provisioner/security/advisories/GHSA-7fxv-8wr2-mfc4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44543"
},
{
"type": "PACKAGE",
"url": "https://github.com/rancher/local-path-provisioner"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Local Path Provisioner Vulnerable to HelperPod Template Injection"
}
GHSA-7J69-QFC3-2FQ9
Vulnerability from github – Published: 2023-12-13 00:30 – Updated: 2024-09-16 21:08A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.16.0"
},
{
"fixed": "2.16.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.15.0"
},
{
"fixed": "2.15.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.14.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-5764"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-20T20:30:30Z",
"nvd_published_at": "2023-12-12T22:15:22Z",
"severity": "MODERATE"
},
"details": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.",
"id": "GHSA-7j69-qfc3-2fq9",
"modified": "2024-09-16T21:08:57Z",
"published": "2023-12-13T00:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/270b39f6ff02511a2199505161218cbd1a5ae34f"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/fea130480d261ea5bf6fcd5cf19a348f1686ceb1"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-5764"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Ansible template injection vulnerability"
}
GHSA-7P36-FQ2R-4H7R
Vulnerability from github – Published: 2026-06-17 21:34 – Updated: 2026-06-19 14:48Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed() and checkPropertyAllowed() implementations in the custom Twig SecurityPolicy. Attackers can supply malicious Twig templates through the DataObject ClassDefinition Layout\Text component to perform arbitrary file reads, execute arbitrary database queries, and potentially achieve remote code execution via PHP object gadget chains, with the pimcore_* function wildcard further broadening the bypass to all Pimcore Twig functions.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "pimcore/pimcore"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.3.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-11407"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T14:48:25Z",
"nvd_published_at": "2026-06-17T20:16:48Z",
"severity": "HIGH"
},
"details": "Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed() and checkPropertyAllowed() implementations in the custom Twig SecurityPolicy. Attackers can supply malicious Twig templates through the DataObject ClassDefinition Layout\\Text component to perform arbitrary file reads, execute arbitrary database queries, and potentially achieve remote code execution via PHP object gadget chains, with the pimcore_* function wildcard further broadening the bypass to all Pimcore Twig functions.",
"id": "GHSA-7p36-fq2r-4h7r",
"modified": "2026-06-19T14:48:25Z",
"published": "2026-06-17T21:34:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11407"
},
{
"type": "WEB",
"url": "https://github.com/pimcore/pimcore/pull/19193"
},
{
"type": "WEB",
"url": "https://github.com/pimcore/pimcore/commit/fffa7f6396329e88610db70a8652529bbc734892"
},
{
"type": "PACKAGE",
"url": "https://github.com/pimcore/pimcore"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/pimcore-cms-twig-sandbox-bypass-via-securitypolicy-checkmethodallowed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Pimcore CMS Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed"
}
GHSA-7V2V-9RM4-7M8F
Vulnerability from github – Published: 2023-04-18 13:14 – Updated: 2026-01-14 17:03Impact
We fixed with CVE-2023-22731 Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list
Patches
The problem has been fixed with 6.4.20.1 with an improved override.
Workarounds
For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.4.20.0"
},
"package": {
"ecosystem": "Packagist",
"name": "shopware/platform"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.4.20.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.4.20.0"
},
"package": {
"ecosystem": "Packagist",
"name": "shopware/core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.4.20.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-2017"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-18T13:14:20Z",
"nvd_published_at": "2023-04-17T11:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nWe fixed with [CVE-2023-22731](https://github.com/shopware/platform/security/advisories/GHSA-93cw-f5jj-x85w) Twig filters to only be executed with allowed functions. It is possible to pass PHP Closures as string or an array and array crafted PHP Closures was not checked against allow list\n\n### Patches\nThe problem has been fixed with 6.4.20.1 with an improved override.\n\n### Workarounds\nFor older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.",
"id": "GHSA-7v2v-9rm4-7m8f",
"modified": "2026-01-14T17:03:26Z",
"published": "2023-04-18T13:14:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f"
},
{
"type": "WEB",
"url": "https://github.com/shopware/shopware/security/advisories/GHSA-7v2v-9rm4-7m8f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2017"
},
{
"type": "WEB",
"url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023"
},
{
"type": "PACKAGE",
"url": "https://github.com/shopware/platform"
},
{
"type": "WEB",
"url": "https://github.com/shopware/platform/releases/tag/v6.4.20.1"
},
{
"type": "WEB",
"url": "https://starlabs.sg/advisories/23/23-2017"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Shopware Has Improper Control of Generation of Code in Twig rendered views"
}
GHSA-7XJM-G8F4-RP26
Vulnerability from github – Published: 2026-04-14 23:13 – Updated: 2026-04-27 15:02Summary
The ConformityCheck class in giskard-checks rendered the rule parameter through Jinja2's default Template() constructor. Because the rule string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at runtime. In a scenario where check definitions are loaded from an untrusted source (e.g. a shared project file or externally contributed configuration), this could lead to arbitrary code execution.
giskard-checks is a local developer testing library with no network-facing service. Check definitions, including the rule parameter, are provided in application code or project configuration files and executed locally. Exploitation requires write access to a check definition and subsequent execution of the test suite by a developer.
However, the implicit template evaluation of the rule parameter is not obvious from the API surface. This hidden behavior increases the likelihood of a developer inadvertently passing untrusted input to it when integrating the library into a larger system.
Affected Component
conformity.py, line 59:
from jinja2 import Template
...
formatted_rule = Template(self.rule).render(trace=trace)
Affected Versions
giskard-checks < 1.0.2b1
Patched Version
giskard-checks >= 1.0.2b1 (template parsing removed from rule evaluation entirely)
Remediation
Upgrade to giskard-checks >= 1.0.2b1. The template rendering has been removed from rule evaluation.
Credit
Giskard-AI thanks @dhabaleshwar for identifying the unsandboxed template usage.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.0.1b1"
},
"package": {
"ecosystem": "PyPI",
"name": "giskard-checks"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.2b1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-40320"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-14T23:13:52Z",
"nvd_published_at": "2026-04-17T18:16:32Z",
"severity": "MODERATE"
},
"details": "## Summary\n \nThe `ConformityCheck` class in `giskard-checks` rendered the `rule` parameter through Jinja2\u0027s default `Template()` constructor. Because the `rule` string is silently interpreted as a Jinja2 template, a developer may not realize that template expressions embedded in rule definitions are evaluated at runtime. In a scenario where check definitions are loaded from an untrusted source (e.g. a shared project file or externally contributed configuration), this could lead to arbitrary code execution.\n\n`giskard-checks` is a local developer testing library with no network-facing service. Check definitions, including the `rule` parameter, are provided in application code or project configuration files and executed locally. Exploitation requires write access to a check definition and subsequent execution of the test suite by a developer.\n\nHowever, the implicit template evaluation of the `rule` parameter is not obvious from the API surface. This hidden behavior increases the likelihood of a developer inadvertently passing untrusted input to it when integrating the library into a larger system. \n\n## Affected Component\n \n`conformity.py`, line 59:\n```python\nfrom jinja2 import Template\n...\nformatted_rule = Template(self.rule).render(trace=trace)\n```\n \n## Affected Versions\n \n`giskard-checks` \u003c 1.0.2b1\n \n## Patched Version\n \n`giskard-checks` \u003e= **1.0.2b1** (template parsing removed from rule evaluation entirely)\n \n## Remediation\n \nUpgrade to `giskard-checks` \u003e= 1.0.2b1. The template rendering has been removed from rule evaluation.\n \n## Credit\n \nGiskard-AI thanks @dhabaleshwar for identifying the unsandboxed template usage.",
"id": "GHSA-7xjm-g8f4-rp26",
"modified": "2026-04-27T15:02:33Z",
"published": "2026-04-14T23:13:52Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Giskard-AI/giskard-oss/security/advisories/GHSA-7xjm-g8f4-rp26"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40320"
},
{
"type": "PACKAGE",
"url": "https://github.com/Giskard-AI/giskard-oss"
},
{
"type": "WEB",
"url": "https://github.com/Giskard-AI/giskard-oss/releases/tag/giskard-checks%2Fv1.0.2b1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L",
"type": "CVSS_V4"
}
],
"summary": "Giskard has Unsandboxed Jinja2 Template Rendering in ConformityCheck"
}
GHSA-82W3-G3Q9-MXC3
Vulnerability from github – Published: 2024-03-05 15:32 – Updated: 2025-03-28 18:32CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.
{
"affected": [],
"aliases": [
"CVE-2024-27623"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-352"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-05T14:15:49Z",
"severity": "MODERATE"
},
"details": "CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.",
"id": "GHSA-82w3-g3q9-mxc3",
"modified": "2025-03-28T18:32:49Z",
"published": "2024-03-05T15:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27623"
},
{
"type": "WEB",
"url": "https://github.com/capture0x/CMSMadeSimple2"
},
{
"type": "WEB",
"url": "https://www.vicarius.io/vsociety/posts/pwning-cmsms-via-user-defined-tags-for-fun-and-learning-cve-2024-27622-27623"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-83JV-4PRM-34G7
Vulnerability from github – Published: 2024-05-21 21:00 – Updated: 2024-05-21 21:00Under certain circumstances it is possible to execute an authorized foreign code in Shopware version prior to 5.2.25.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "shopware/shopware"
},
"ranges": [
{
"events": [
{
"introduced": "4.2.0"
},
{
"fixed": "5.2.25"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2024-05-21T21:00:39Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Under certain circumstances it is possible to execute an authorized foreign code in Shopware version prior to 5.2.25.\n",
"id": "GHSA-83jv-4prm-34g7",
"modified": "2024-05-21T21:00:39Z",
"published": "2024-05-21T21:00:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/shopware5/shopware/commit/8f6a7cefcba7547276892b82f64e4874c1a0dfed"
},
{
"type": "WEB",
"url": "https://community.shopware.com/_detail_2015.html"
},
{
"type": "WEB",
"url": "https://docs.shopware.com/en/shopware-5-en/security-updates/security-update-06-2017?category=shopware-5-en/security-updates"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/shopware/shopware/2017-06-22.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/shopware5/shopware"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Shopware Remote Code Execution Vulnerability"
}
GHSA-83XR-5XXR-MH92
Vulnerability from github – Published: 2026-03-27 17:17 – Updated: 2026-03-27 17:17Summary
Instance template files can be used to cause arbitrary read or writes as root on the host server.
Details
Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementation of pongo2 within Incus allowed for file read/write but with the expectation that the pongo2 chroot feature would isolate all such access to the instance's filesystem.
This was allowed such that a template could theoretically read a file and then generate a new version of said file.
Unfortunately the chroot isolation mechanism is entirely skipped by pongo2 leading to easy access to the entire system's filesystem with root privileges.
Credit
This issue was discovered and reported by the team at 7asecurity
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/lxc/incus/v6"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.23.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/lxc/incus"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33897"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-27T17:17:03Z",
"nvd_published_at": "2026-03-26T23:16:20Z",
"severity": "CRITICAL"
},
"details": "### Summary\nInstance template files can be used to cause arbitrary read or writes as root on the host server.\n\n### Details\nIncus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to template files inside of the instance. This particular implementation of pongo2 within Incus allowed for file read/write but with the expectation that the pongo2 chroot feature would isolate all such access to the instance\u0027s filesystem.\n\nThis was allowed such that a template could theoretically read a file and then generate a new version of said file.\n\nUnfortunately the chroot isolation mechanism is entirely skipped by pongo2 leading to easy access to the entire system\u0027s filesystem with root privileges.\n\n### Credit\nThis issue was discovered and reported by the team at [7asecurity](https://7asecurity.com/)",
"id": "GHSA-83xr-5xxr-mh92",
"modified": "2026-03-27T17:17:03Z",
"published": "2026-03-27T17:17:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/lxc/incus/security/advisories/GHSA-83xr-5xxr-mh92"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33897"
},
{
"type": "WEB",
"url": "https://github.com/lxc/incus/commit/487edf5984fad89b0f762c03a7e211fdd38396fb"
},
{
"type": "PACKAGE",
"url": "https://github.com/lxc/incus"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incus vulnerable to arbitrary file read and write through pongo templates"
}
GHSA-8535-HVM8-2HMV
Vulnerability from github – Published: 2025-12-02 01:25 – Updated: 2025-12-02 01:25Summary
Having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload. Sensitive information may be contained in the configuration details.
PoC
Create a simple form with two fields, 'registration-number' and 'hp'. Add a submit button and set the method to POST(screenshot attached below). Form name set to 'hero-form'. Send a POST request with the following payload and you will notice a response with a php array listing the whole Grav configuration details - including plugins(screenshot attached).
registration-number:d643aaaa
hp:vJyifp
form-name:hero-form
unique_form_id:{{var_dump(_context|slice(0,7))}}
Impact
Server-Side Template (SST) vulnerability. The vulnerability affects the latest Grav version as of 25th of Match 2025 (1.7.48) with all plugins installed (including forms plugin v.7.4.2) to their latest versions as well.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "getgrav/grav"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0-beta.27"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66298"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T01:25:33Z",
"nvd_published_at": "2025-12-01T22:15:49Z",
"severity": "HIGH"
},
"details": "### Summary\nHaving a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using the correct POST payload. Sensitive information may be contained in the configuration details.\n\n### PoC\nCreate a simple form with two fields, \u0027registration-number\u0027 and \u0027hp\u0027. Add a submit button and set the method to POST(screenshot attached below). Form name set to \u0027hero-form\u0027. Send a POST request with the following payload and you will notice a response with a php array listing the whole Grav configuration details - including plugins(screenshot attached).\n\nregistration-number:d643aaaa\n\nhp:vJyifp\n\n__form-name__:hero-form\n\n__unique_form_id__:{{var_dump(_context|slice(0,7))}}\n\n\n\n\n\n\n\n### Impact\nServer-Side Template (SST) vulnerability. The vulnerability affects the latest Grav version as of 25th of Match 2025 (1.7.48) with all plugins installed (including forms plugin v.7.4.2) to their latest versions as well.",
"id": "GHSA-8535-hvm8-2hmv",
"modified": "2025-12-02T01:25:33Z",
"published": "2025-12-02T01:25:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-8535-hvm8-2hmv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66298"
},
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458"
},
{
"type": "PACKAGE",
"url": "https://github.com/getgrav/grav"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Grav is vulnerable to Server-Side Template Injection (SSTI) via Forms"
}
GHSA-858Q-77WX-HHX6
Vulnerability from github – Published: 2025-12-02 01:24 – Updated: 2025-12-02 01:24Summary
A user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This results in both Privilege Escalation (PE) and Remote Code Execution (RCE) vulnerabilities.
Details
Grav CMS allows Twig to be executed in page templates if enabled in admin panel (process: twig: true). A user with publisher/editor privileges, that can create or edit pages and enable twig processing, can thereby inject arbitrary code that will execute in the context of the page render.
This enables exploitation of Grav internal APIs such as:
- grav.user.update() and grav.user.save() for escalating the current user to super admin or admin
- grav.scheduler.addCommand(), grav.scheduler.save() and grav.scheduler.run() for code execution
The Twig sandbox is not enforced in this context, allowing full access to any backend PHP object and method in the system/src/Grav/Common directory.
PoC
Preconditions:
- You must have access to a non-admin user with permission to create/edit pages (
admin.pagesaccess) - For Privilege Escalation, you also have to be logged in to the site with the same user as the admin panel.
Steps to reproduce Privilege Escalation:
- Login into the non-admin page (default at
cms-url/login). - Login to the admin panel, create or edit a page and set the Twig processing to true (Advanced -> Process: Twig: true).
- Inject the following payload into the page content to escalate privileges:
{% set _ = grav.user.update({
'access': {
'admin': {
'login': true,
'super': true
}
}
}, {}) %}
{% set _ = grav.user.save() %}
- Visit the edited/created page url. The logged in user is now admin. (Note: For the changes to show, you need to log out of the admin panel and relogin).
Steps to reproduce Remote Code Execution:
- Login to the admin panel, create or edit a page and set the Twig processing to true (Advanced -> Process: Twig: true).
- Inject the following payload into the page content to execute commands:
{% set _ = grav.scheduler.addCommand('curl', ['http://localhost:8000']) %}
{% set _ = grav.scheduler.save() %}
{% set _ = grav.scheduler.run() %}
- Visit the page to trigger the execution. The system will issue a
curlrequest.
Impact
This vulnerability allows: - Privilege Escalation from any user with page editing capabilities to full admin (super) access. - Remote Code Execution, as the attacker can run system arbitrary commands via the scheduler API.
It affects any Grav CMS installation where users with lower privileges are allowed to create or edit pages and Twig processing is not globally disabled.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "getgrav/grav"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0-beta.27"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-66297"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2025-12-02T01:24:19Z",
"nvd_published_at": "2025-12-01T21:15:53Z",
"severity": "HIGH"
},
"details": "### Summary\nA user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This results in both Privilege Escalation (PE) and Remote Code Execution (RCE) vulnerabilities.\n\n### Details\nGrav CMS allows Twig to be executed in page templates if enabled in admin panel (process: twig: true).\nA user with publisher/editor privileges, that can create or edit pages and enable twig processing, can thereby inject arbitrary code that will execute in the context of the page render.\n\nThis enables exploitation of Grav internal APIs such as:\n- `grav.user.update()` and `grav.user.save()` for escalating the current user to super admin or admin\n- `grav.scheduler.addCommand()`, `grav.scheduler.save()` and `grav.scheduler.run()` for code execution\n\nThe Twig sandbox is not enforced in this context, allowing full access to any backend PHP object and method in the `system/src/Grav/Common` directory.\n\n### PoC\n#### Preconditions:\n- You must have access to a **non-admin** user with permission to create/edit pages (```admin.pages``` access)\n- For Privilege Escalation, you also have to be logged in to the site with the same user as the admin panel.\n\n#### Steps to reproduce Privilege Escalation:\n1. Login into the non-admin page (default at `cms-url/login`).\n2. Login to the admin panel, create or edit a page and set the Twig processing to true (Advanced -\u003e Process: Twig: true).\n3. Inject the following payload into the page content to escalate privileges:\n```\n{% set _ = grav.user.update({\n \u0027access\u0027: {\n \u0027admin\u0027: {\n \u0027login\u0027: true,\n \u0027super\u0027: true\n }\n }\n}, {}) %}\n{% set _ = grav.user.save() %}\n```\n4. Visit the edited/created page url. The logged in user is now admin. (*Note: For the changes to show, you need to log out of the admin panel and relogin).*\n\n#### Steps to reproduce Remote Code Execution:\n1. Login to the admin panel, create or edit a page and set the Twig processing to true (Advanced -\u003e Process: Twig: true).\n2. Inject the following payload into the page content to execute commands:\n```\n{% set _ = grav.scheduler.addCommand(\u0027curl\u0027, [\u0027http://localhost:8000\u0027]) %}\n{% set _ = grav.scheduler.save() %}\n{% set _ = grav.scheduler.run() %}\n```\n3. Visit the page to trigger the execution. The system will issue a `curl` request.\n\n### Impact\nThis vulnerability allows:\n- Privilege Escalation from any user with page editing capabilities to full admin (super) access.\n- Remote Code Execution, as the attacker can run system arbitrary commands via the scheduler API.\n\nIt affects any Grav CMS installation where users with lower privileges are allowed to create or edit pages and Twig processing is not globally disabled.",
"id": "GHSA-858q-77wx-hhx6",
"modified": "2025-12-02T01:24:19Z",
"published": "2025-12-02T01:24:19Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-858q-77wx-hhx6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66297"
},
{
"type": "WEB",
"url": "https://github.com/getgrav/grav/commit/e37259527d9c1deb6200f8967197a9fa587c6458"
},
{
"type": "PACKAGE",
"url": "https://github.com/getgrav/grav"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection"
}
Mitigation
Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.
Mitigation
Use the template engine's sandbox or restricted mode, if available.
No CAPEC attack patterns related to this CWE.