CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
CVE-2021-39128 (GCVE-0-2021-39128)
Vulnerability from cvelistv5
Published
2021-09-16 05:20
Modified
2024-10-10 16:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Atlassian | Jira Server |
Version: unspecified < 8.13.12 Version: 8.14.0 < unspecified Version: unspecified < 8.19.1 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:17.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.atlassian.com/browse/JRASERVER-72804"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jira_data_center",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.13.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.19.1",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jira_server",
"vendor": "atlassian",
"versions": [
{
"lessThan": "8.13.12",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "8.19.1",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-39128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T15:57:33.380939Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:00:53.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Jira Server",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.13.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.19.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Jira Data Center",
"vendor": "Atlassian",
"versions": [
{
"lessThan": "8.13.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.14.0",
"versionType": "custom"
},
{
"lessThan": "8.19.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T05:20:10",
"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"shortName": "atlassian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.atlassian.com/browse/JRASERVER-72804"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2021-09-16T00:00:00",
"ID": "CVE-2021-39128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.13.12"
},
{
"version_affected": "\u003e=",
"version_value": "8.14.0"
},
{
"version_affected": "\u003c",
"version_value": "8.19.1"
}
]
}
},
{
"product_name": "Jira Data Center",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.13.12"
},
{
"version_affected": "\u003e=",
"version_value": "8.14.0"
},
{
"version_affected": "\u003c",
"version_value": "8.19.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. The affected versions of Jira Server or Data Center are before version 8.13.12, and from version 8.14.0 before 8.19.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/JRASERVER-72804",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/JRASERVER-72804"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
"assignerShortName": "atlassian",
"cveId": "CVE-2021-39128",
"datePublished": "2021-09-16T05:20:10.512566Z",
"dateReserved": "2021-08-16T00:00:00",
"dateUpdated": "2024-10-10T16:00:53.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4315 (GCVE-0-2021-4315)
Vulnerability from cvelistv5
Published
2023-01-28 22:58
Modified
2024-08-03 17:23
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.219676"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.219676"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/NYUCCL/psiTurk/pull/517"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/NYUCCL/psiTurk/commit/47787e15cecd66f2aa87687bf852ae0194a4335f"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/NYUCCL/psiTurk/releases/tag/v3.2.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "psiTurk",
"vendor": "NYUCCL",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "3.1"
},
{
"status": "affected",
"version": "3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676."
},
{
"lang": "de",
"value": "In NYUCCL psiTurk bis 3.2.0 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei psiturk/experiment.py. Mittels Manipulieren des Arguments mode mit unbekannten Daten kann eine improper neutralization of special elements used in a template engine-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 3.2.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 47787e15cecd66f2aa87687bf852ae0194a4335f bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T13:50:31.040Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.219676"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.219676"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/NYUCCL/psiTurk/pull/517"
},
{
"tags": [
"patch"
],
"url": "https://github.com/NYUCCL/psiTurk/commit/47787e15cecd66f2aa87687bf852ae0194a4335f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/NYUCCL/psiTurk/releases/tag/v3.2.1"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-27T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-02-23T18:25:25.000Z",
"value": "VulDB entry last update"
}
],
"title": "NYUCCL psiTurk experiment.py special elements used in a template engine"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4315",
"datePublished": "2023-01-28T22:58:03.669Z",
"dateReserved": "2023-01-27T22:39:05.635Z",
"dateUpdated": "2024-08-03T17:23:10.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0323 (GCVE-0-2022-0323)
Vulnerability from cvelistv5
Published
2022-01-21 18:00
Modified
2024-08-02 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| bobthecow | bobthecow/mustache.php |
Version: unspecified < 2.14.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bobthecow/mustache.php/commit/579ffa5c96e1d292c060b3dd62811ff01ad8c24e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "bobthecow/mustache.php",
"vendor": "bobthecow",
"versions": [
{
"lessThan": "2.14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T18:00:17",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bobthecow/mustache.php/commit/579ffa5c96e1d292c060b3dd62811ff01ad8c24e"
}
],
"source": {
"advisory": "a5f5a988-aa52-4443-839d-299a63f44fb7",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0323",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Special Elements Used in a Template Engine in bobthecow/mustache.php"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "bobthecow/mustache.php",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.14.1"
}
]
}
}
]
},
"vendor_name": "bobthecow"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7"
},
{
"name": "https://github.com/bobthecow/mustache.php/commit/579ffa5c96e1d292c060b3dd62811ff01ad8c24e",
"refsource": "MISC",
"url": "https://github.com/bobthecow/mustache.php/commit/579ffa5c96e1d292c060b3dd62811ff01ad8c24e"
}
]
},
"source": {
"advisory": "a5f5a988-aa52-4443-839d-299a63f44fb7",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0323",
"datePublished": "2022-01-21T18:00:17",
"dateReserved": "2022-01-20T00:00:00",
"dateUpdated": "2024-08-02T23:25:40.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0896 (GCVE-0-2022-0896)
Vulnerability from cvelistv5
Published
2022-03-09 11:20
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| microweber | microweber/microweber |
Version: unspecified < 1.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "microweber/microweber",
"vendor": "microweber",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T11:20:09",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5"
}
],
"source": {
"advisory": "113056f1-7a78-4205-9f42-940ad41d8df0",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Special Elements Used in a Template Engine in microweber/microweber",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0896",
"STATE": "PUBLIC",
"TITLE": "Improper Neutralization of Special Elements Used in a Template Engine in microweber/microweber"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "microweber/microweber",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.3"
}
]
}
}
]
},
"vendor_name": "microweber"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/113056f1-7a78-4205-9f42-940ad41d8df0"
},
{
"name": "https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5",
"refsource": "MISC",
"url": "https://github.com/microweber/microweber/commit/e0224462b3dd6b1f7c6ec1197413afc6019bc3b5"
}
]
},
"source": {
"advisory": "113056f1-7a78-4205-9f42-940ad41d8df0",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0896",
"datePublished": "2022-03-09T11:20:09",
"dateReserved": "2022-03-09T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0944 (GCVE-0-2022-0944)
Vulnerability from cvelistv5
Published
2022-03-15 01:00
Modified
2024-08-02 23:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| sqlpad | sqlpad/sqlpad |
Version: unspecified < 6.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:42.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/46630727-d923-4444-a421-537ecd63e7fb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sqlpad/sqlpad/commit/3f92be386c6cd3e5eba75d85f0700d3ef54daf73"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sqlpad/sqlpad",
"vendor": "sqlpad",
"versions": [
{
"lessThan": "6.10.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T01:00:15",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/46630727-d923-4444-a421-537ecd63e7fb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sqlpad/sqlpad/commit/3f92be386c6cd3e5eba75d85f0700d3ef54daf73"
}
],
"source": {
"advisory": "46630727-d923-4444-a421-537ecd63e7fb",
"discovery": "EXTERNAL"
},
"title": "Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0944",
"STATE": "PUBLIC",
"TITLE": "Template injection in connection test endpoint leads to RCE in sqlpad/sqlpad"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sqlpad/sqlpad",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "6.10.1"
}
]
}
}
]
},
"vendor_name": "sqlpad"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/46630727-d923-4444-a421-537ecd63e7fb",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/46630727-d923-4444-a421-537ecd63e7fb"
},
{
"name": "https://github.com/sqlpad/sqlpad/commit/3f92be386c6cd3e5eba75d85f0700d3ef54daf73",
"refsource": "MISC",
"url": "https://github.com/sqlpad/sqlpad/commit/3f92be386c6cd3e5eba75d85f0700d3ef54daf73"
}
]
},
"source": {
"advisory": "46630727-d923-4444-a421-537ecd63e7fb",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0944",
"datePublished": "2022-03-15T01:00:15",
"dateReserved": "2022-03-14T00:00:00",
"dateUpdated": "2024-08-02T23:47:42.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25813 (GCVE-0-2022-25813)
Vulnerability from cvelistv5
Published
2022-09-02 07:10
Modified
2024-08-03 04:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the "Contact us" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache OFBiz |
Version: Apache OFBiz < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b"
},
{
"name": "[oss-security] 20220902 Apache OFBiz - Server-Side Template Injection (CVE-2022-25813)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache OFBiz",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "18.12.05",
"status": "affected",
"version": "Apache OFBiz",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Matei \"Mal\" Badanoiu"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message \u201cSubject\u201d field from the \"Contact us\" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible."
}
],
"metrics": [
{
"other": {
"content": {
"other": "High"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-02T11:06:16",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b"
},
{
"name": "[oss-security] 20220902 Apache OFBiz - Server-Side Template Injection (CVE-2022-25813)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-25813",
"STATE": "PUBLIC",
"TITLE": "Server-Side Template Injection affecting the ecommerce plugin of Apache OFBiz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache OFBiz",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache OFBiz",
"version_value": "18.12.05"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": " Matei \"Mal\" Badanoiu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message \u201cSubject\u201d field from the \"Contact us\" page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "High"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/vmj5s0qb59t0lvzf3vol3z1sc3sgyb2b"
},
{
"name": "[oss-security] 20220902 Apache OFBiz - Server-Side Template Injection (CVE-2022-25813)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/4"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-25813",
"datePublished": "2022-09-02T07:10:18",
"dateReserved": "2022-02-23T00:00:00",
"dateUpdated": "2024-08-03T04:49:43.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-27662 (GCVE-0-2022-27662)
Vulnerability from cvelistv5
Published
2022-05-05 16:29
Modified
2024-09-16 20:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 | Traffix SDC |
Version: 5.2.x < 5.2.2 Version: 5.1.x < 5.1.35 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K24248011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Traffix SDC",
"vendor": "F5",
"versions": [
{
"lessThan": "5.2.2",
"status": "affected",
"version": "5.2.x",
"versionType": "custom"
},
{
"lessThan": "5.1.35",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "F5 acknowledges TIM Security Red Team Research, Valerio Alessandroni, Matteo Brutti, and Massimiliano Brolli for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"datePublic": "2022-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T16:29:10",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K24248011"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2022-05-04T19:45:00.000Z",
"ID": "CVE-2022-27662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Traffix SDC",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.2.x",
"version_value": "5.2.2"
},
{
"version_affected": "\u003c",
"version_name": "5.1.x",
"version_value": "5.1.35"
}
]
}
}
]
},
"vendor_name": "F5"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "F5 acknowledges TIM Security Red Team Research, Valerio Alessandroni, Matteo Brutti, and Massimiliano Brolli for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K24248011",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K24248011"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2022-27662",
"datePublished": "2022-05-05T16:29:10.065731Z",
"dateReserved": "2022-04-19T00:00:00",
"dateUpdated": "2024-09-16T20:16:37.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2017 (GCVE-0-2023-2017)
Vulnerability from cvelistv5
Published
2023-04-17 10:18
Modified
2025-02-05 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Shopware AG | Shopware 6 |
Version: 0 ≤ 6.4.20.0 Version: 6.5.0.0-rc1 ≤ 6.5.0.0-rc4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:12:19.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://starlabs.sg/advisories/23/23-2017/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2017",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T20:46:34.501269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T20:46:43.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Shopware 6",
"vendor": "Shopware AG",
"versions": [
{
"lessThanOrEqual": "6.4.20.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.0.0-rc4",
"status": "affected",
"version": "6.5.0.0-rc1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ngo Wei Lin (@Creastery) of STAR Labs SG Pte. Ltd. (@starlabs_sg)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-side Template Injection (SSTI) in Shopware 6 (\u0026lt;= v6.4.20.0, v6.5.0.0-rc1 \u0026lt;= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\\Core\\Framework\\Adapter\\Twig\\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.\u003cbr\u003e"
}
],
"value": "Server-side Template Injection (SSTI) in Shopware 6 (\u003c= v6.4.20.0, v6.5.0.0-rc1 \u003c= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\\Core\\Framework\\Adapter\\Twig\\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184 Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-19T06:34:45.957Z",
"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"shortName": "STAR_Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://docs.shopware.com/en/shopware-6-en/security-updates/security-update-04-2023"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/shopware/platform/security/advisories/GHSA-7v2v-9rm4-7m8f"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://starlabs.sg/advisories/23/23-2017/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nUsers are advised to upgrade to v6.4.20.1 to resolve this issue.\n\n\u003cbr\u003e"
}
],
"value": "Users are advised to upgrade to v6.4.20.1 to resolve this issue.\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Control of Generation of Code in Twig Rendered Views in Shopware",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"assignerShortName": "STAR_Labs",
"cveId": "CVE-2023-2017",
"datePublished": "2023-04-17T10:18:27.543Z",
"dateReserved": "2023-04-13T04:21:56.530Z",
"dateUpdated": "2025-02-05T20:46:43.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2259 (GCVE-0-2023-2259)
Vulnerability from cvelistv5
Published
2023-04-24 00:00
Modified
2025-02-04 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Summary
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| alfio-event | alfio-event/alf.io |
Version: unspecified < 2.0-M4-2304 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2259",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T16:49:02.529147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:49:08.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "alfio-event/alf.io",
"vendor": "alfio-event",
"versions": [
{
"lessThan": "2.0-M4-2304",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e753bce0-ce82-463b-b344-2f67b39b60ff"
},
{
"url": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2"
}
],
"source": {
"advisory": "e753bce0-ce82-463b-b344-2f67b39b60ff",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Special Elements Used in a Template Engine in alfio-event/alf.io"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2259",
"datePublished": "2023-04-24T00:00:00.000Z",
"dateReserved": "2023-04-24T00:00:00.000Z",
"dateUpdated": "2025-02-04T16:49:08.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27995 (GCVE-0-2023-27995)
Vulnerability from cvelistv5
Published
2023-04-11 16:05
Modified
2024-10-23 14:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1336 - Information disclosure
Summary
A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:23:30.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-051",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-051"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:11:23.807257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T14:30:21.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiSOAR",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.3.1",
"status": "affected",
"version": "7.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T16:05:43.728Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-051",
"url": "https://fortiguard.com/psirt/FG-IR-23-051"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiSOAR version 8.0.0 or above Please upgrade to FortiSOAR version 7.3.2 or above Please upgrade to FortiSOAR version 7.2.3 or above Please upgrade to FortiSOAR version 7.0.4 or above Please upgrade to FortiSOAR version 6.6.0 or above Please upgrade to FortiSOAR version 6.4.5 or above "
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-27995",
"datePublished": "2023-04-11T16:05:43.728Z",
"dateReserved": "2023-03-09T10:09:33.119Z",
"dateUpdated": "2024-10-23T14:30:21.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.
Mitigation
Phase: Implementation
Description:
- Use the template engine's sandbox or restricted mode, if available.
No CAPEC attack patterns related to this CWE.