CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
CVE-2023-29297 (GCVE-0-2023-29297)
Vulnerability from cvelistv5 – Published: 2023-06-15 00:00 – Updated: 2025-03-05 18:56
VLAI
Title
Admin-to-admin stored XSS via cache poisoning
Summary
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.
Severity
9.1 (Critical)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine(CWE-1336)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Magento Commerce |
Affected:
unspecified , ≤ 2.4.6
(custom)
Affected: unspecified , ≤ 2.4.5-p2 (custom) Affected: unspecified , ≤ 2.4.4-p3 (custom) Affected: unspecified , ≤ None (custom) |
Date Public
2023-06-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:44.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29297",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T18:37:01.455961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T18:56:15.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Magento Commerce",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2.4.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.5-p2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.4.4-p3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Improper Neutralization of Special Elements Used in a Template Engine(CWE-1336)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T00:00:00.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"url": "https://helpx.adobe.com/security/products/magento/apsb23-35.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Admin-to-admin stored XSS via cache poisoning"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2023-29297",
"datePublished": "2023-06-15T00:00:00.000Z",
"dateReserved": "2023-04-04T00:00:00.000Z",
"dateUpdated": "2025-03-05T18:56:15.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34252 (GCVE-0-2023-34252)
Vulnerability from cvelistv5 – Published: 2023-06-14 21:38 – Updated: 2024-12-18 19:03
VLAI
Title
Grav Server-side Template Injection via Insufficient Validation in filterFilter
Summary
Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a callable argument allows the validation check to be skipped. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. The vulnerability can be found in the `GravExtension.filterFilter()` function declared in `/system/src/Grav/Common/Twig/Extension/GravExtension.php`. Version 1.7.42 contains a patch for this issue. End users should also ensure that `twig.undefined_functions` and `twig.undefined_filters` properties in `/path/to/webroot/system/config/system.yaml` configuration file are set to `false` to disallow Twig from treating undefined filters/functions as PHP functions and executing them.
Severity
8.8 (High)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/getgrav/grav/security/advisori… | x_refsource_CONFIRM |
| https://github.com/getgrav/grav/commit/244758d438… | x_refsource_MISC |
| https://github.com/getgrav/grav/blob/1.7.40/syste… | x_refsource_MISC |
| https://github.com/getgrav/grav/blob/1.7.40/syste… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-96xv-rmwj-6p9w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-96xv-rmwj-6p9w"
},
{
"name": "https://github.com/getgrav/grav/commit/244758d4383034fe4cd292d41e477177870b65ec",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getgrav/grav/commit/244758d4383034fe4cd292d41e477177870b65ec"
},
{
"name": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Twig/Extension/GravExtension.php#L1692-L1698",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Twig/Extension/GravExtension.php#L1692-L1698"
},
{
"name": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1956-L2074",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1956-L2074"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34252",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T19:02:44.830549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T19:03:09.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a callable argument allows the validation check to be skipped. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. The vulnerability can be found in the `GravExtension.filterFilter()` function declared in `/system/src/Grav/Common/Twig/Extension/GravExtension.php`. Version 1.7.42 contains a patch for this issue. End users should also ensure that `twig.undefined_functions` and `twig.undefined_filters` properties in `/path/to/webroot/system/config/system.yaml` configuration file are set to `false` to disallow Twig from treating undefined filters/functions as PHP functions and executing them."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T22:17:06.852Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-96xv-rmwj-6p9w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-96xv-rmwj-6p9w"
},
{
"name": "https://github.com/getgrav/grav/commit/244758d4383034fe4cd292d41e477177870b65ec",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav/commit/244758d4383034fe4cd292d41e477177870b65ec"
},
{
"name": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Twig/Extension/GravExtension.php#L1692-L1698",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Twig/Extension/GravExtension.php#L1692-L1698"
},
{
"name": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1956-L2074",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1956-L2074"
}
],
"source": {
"advisory": "GHSA-96xv-rmwj-6p9w",
"discovery": "UNKNOWN"
},
"title": "Grav Server-side Template Injection via Insufficient Validation in filterFilter"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-34252",
"datePublished": "2023-06-14T21:38:48.358Z",
"dateReserved": "2023-05-31T13:51:51.174Z",
"dateUpdated": "2024-12-18T19:03:09.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34253 (GCVE-0-2023-34253)
Vulnerability from cvelistv5 – Published: 2023-06-14 22:00 – Updated: 2024-12-18 21:39
VLAI
Title
Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass
Summary
Grav is a flat-file content management system. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways -- (1) using unsafe functions that are not banned, (2) using capitalised callable names, and (3) using fully-qualified names for referencing callables. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. A patch in version 1.7.42 improves the denylist.
Severity
8.8 (High)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/getgrav/grav/security/advisori… | x_refsource_CONFIRM |
| https://github.com/getgrav/grav/commit/71bbed12f9… | x_refsource_MISC |
| https://github.com/getgrav/grav/blob/1.7.40/syste… | x_refsource_MISC |
| https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec… | x_refsource_MISC |
| https://www.github.com/getgrav/grav/commit/9d6a2d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-j3v8-v77f-fvgm",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j3v8-v77f-fvgm"
},
{
"name": "https://github.com/getgrav/grav/commit/71bbed12f950de8335006d7f91112263d8504f1b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getgrav/grav/commit/71bbed12f950de8335006d7f91112263d8504f1b"
},
{
"name": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1952-L2190",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1952-L2190"
},
{
"name": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/"
},
{
"name": "https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34253",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T21:39:27.743179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T21:39:39.981Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grav is a flat-file content management system. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways -- (1) using unsafe functions that are not banned, (2) using capitalised callable names, and (3) using fully-qualified names for referencing callables. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. A patch in version 1.7.42 improves the denylist."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T22:16:52.675Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-j3v8-v77f-fvgm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-j3v8-v77f-fvgm"
},
{
"name": "https://github.com/getgrav/grav/commit/71bbed12f950de8335006d7f91112263d8504f1b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav/commit/71bbed12f950de8335006d7f91112263d8504f1b"
},
{
"name": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1952-L2190",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1952-L2190"
},
{
"name": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/",
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/"
},
{
"name": "https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83"
}
],
"source": {
"advisory": "GHSA-j3v8-v77f-fvgm",
"discovery": "UNKNOWN"
},
"title": "Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-34253",
"datePublished": "2023-06-14T22:00:12.569Z",
"dateReserved": "2023-05-31T13:51:51.175Z",
"dateUpdated": "2024-12-18T21:39:39.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34448 (GCVE-0-2023-34448)
Vulnerability from cvelistv5 – Published: 2023-06-14 22:06 – Updated: 2024-12-18 21:38
VLAI
Title
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Summary
Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`.
Severity
8.8 (High)
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/getgrav/grav/security/advisori… | x_refsource_CONFIRM |
| https://github.com/getgrav/grav/commit/8c2c1cb726… | x_refsource_MISC |
| https://github.com/twigphp/Twig/blob/v1.44.7/src/… | x_refsource_MISC |
| https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec… | x_refsource_MISC |
| https://www.github.com/getgrav/grav/commit/9d6a2d… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8"
},
{
"name": "https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8"
},
{
"name": "https://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148"
},
{
"name": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/"
},
{
"name": "https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34448",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T21:38:33.590208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T21:38:44.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.42"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig\u0027s Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-14T22:16:40.551Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8"
},
{
"name": "https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8"
},
{
"name": "https://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148"
},
{
"name": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/",
"tags": [
"x_refsource_MISC"
],
"url": "https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/"
},
{
"name": "https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83"
}
],
"source": {
"advisory": "GHSA-whr7-m3f8-mpm8",
"discovery": "UNKNOWN"
},
"title": "Grav Server-side Template Injection (SSTI) via Twig Default Filters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-34448",
"datePublished": "2023-06-14T22:06:01.338Z",
"dateReserved": "2023-06-06T16:16:53.558Z",
"dateUpdated": "2024-12-18T21:38:44.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41047 (GCVE-0-2023-41047)
Vulnerability from cvelistv5 – Published: 2023-10-09 15:18 – Updated: 2024-09-19 16:47
VLAI
Title
Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint
Summary
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.
Severity
6.2 (Medium)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/OctoPrint/OctoPrint/security/a… | x_refsource_CONFIRM |
| https://github.com/OctoPrint/OctoPrint/commit/d00… | x_refsource_MISC |
| https://github.com/OctoPrint/OctoPrint/releases/t… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph"
},
{
"name": "https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db"
},
{
"name": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:octoprint:octoprint:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "octoprint",
"vendor": "octoprint",
"versions": [
{
"lessThan": "1.9.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T16:43:52.751548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T16:47:17.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "OctoPrint",
"vendor": "OctoPrint",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-09T15:18:06.331Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph"
},
{
"name": "https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db"
},
{
"name": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3"
}
],
"source": {
"advisory": "GHSA-fwfg-vprh-97ph",
"discovery": "UNKNOWN"
},
"title": "Improper Neutralization of Special Elements Used in a Template Engine in OctoPrint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41047",
"datePublished": "2023-10-09T15:18:06.331Z",
"dateReserved": "2023-08-22T16:57:23.933Z",
"dateUpdated": "2024-09-19T16:47:17.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46245 (GCVE-0-2023-46245)
Vulnerability from cvelistv5 – Published: 2023-10-31 15:06 – Updated: 2024-08-02 20:37
VLAI
Title
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Summary
Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. Version 2.1.0 enables security measures for custom Twig templates.
Severity
7.2 (High)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/kimai/kimai/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/kimai/kimai/commit/38e37f1c2e9… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/kimai/kimai/security/advisories/GHSA-fjhg-96cp-6fcw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kimai/kimai/security/advisories/GHSA-fjhg-96cp-6fcw"
},
{
"name": "https://github.com/kimai/kimai/commit/38e37f1c2e91e1acb221ec5c13f11b735bd50ae4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kimai/kimai/commit/38e37f1c2e91e1acb221ec5c13f11b735bd50ae4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kimai",
"vendor": "kimai",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software\u0027s PDF and HTML rendering functionalities. Version 2.1.0 enables security measures for custom Twig templates."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T16:38:46.831Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kimai/kimai/security/advisories/GHSA-fjhg-96cp-6fcw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kimai/kimai/security/advisories/GHSA-fjhg-96cp-6fcw"
},
{
"name": "https://github.com/kimai/kimai/commit/38e37f1c2e91e1acb221ec5c13f11b735bd50ae4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kimai/kimai/commit/38e37f1c2e91e1acb221ec5c13f11b735bd50ae4"
}
],
"source": {
"advisory": "GHSA-fjhg-96cp-6fcw",
"discovery": "UNKNOWN"
},
"title": "Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46245",
"datePublished": "2023-10-31T15:06:23.359Z",
"dateReserved": "2023-10-19T20:34:00.948Z",
"dateUpdated": "2024-08-02T20:37:40.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47542 (GCVE-0-2023-47542)
Vulnerability from cvelistv5 – Published: 2024-04-09 14:24 – Updated: 2025-02-26 18:40
VLAI
Summary
A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates.
Severity
CWE
- CWE-1336 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiManager |
Affected:
7.4.0 , ≤ 7.4.1
(semver)
Affected: 7.2.0 , ≤ 7.2.4 (semver) Affected: 7.0.0 , ≤ 7.0.10 (semver) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortimanager:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fortimanager",
"vendor": "fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
},
{
"lessThan": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T18:40:35.733370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:40:53.696Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:09:37.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-419",
"tags": [
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-23-419"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.4",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T14:24:24.616Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-419",
"url": "https://fortiguard.com/psirt/FG-IR-23-419"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiManager version 7.4.2 or above \nPlease upgrade to FortiManager version 7.2.5 or above \nPlease upgrade to FortiManager version 7.0.11 or above \n"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2023-47542",
"datePublished": "2024-04-09T14:24:24.616Z",
"dateReserved": "2023-11-06T10:35:25.828Z",
"dateUpdated": "2025-02-26T18:40:53.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5764 (GCVE-0-2023-5764)
Vulnerability from cvelistv5 – Published: 2023-12-12 22:01 – Updated: 2025-11-20 18:07
VLAI
Title
Ansible: template injection
Summary
A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.
Severity
7.1 (High)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:7773 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2023-5764 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2247629 | issue-trackingx_refsource_REDHAT |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected:
1:2.15.8-1.el8ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 8 |
Unaffected:
1:2.15.8-1.el8ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 9 |
Unaffected:
1:2.15.8-1.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.4 for RHEL 9 |
Unaffected:
1:2.15.8-1.el9ap , < *
(rpm)
cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el8 cpe:/a:redhat:ansible_automation_platform:2.4::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8 |
Date Public
2023-11-02 12:57
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T03:55:28.216152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:39:40.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-25T13:07:31.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5764"
},
{
"name": "RHBZ#2247629",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X7Q6CHPVCHMZS5M7V22GOKFSXZAQ24EU/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241025-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.8-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.8-1.el8ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.8-1.el9ap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el8",
"cpe:/a:redhat:ansible_automation_platform:2.4::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8"
],
"defaultStatus": "affected",
"packageName": "ansible-core",
"product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "1:2.15.8-1.el9ap",
"versionType": "rpm"
}
]
}
],
"datePublic": "2023-11-02T12:57:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A template injection flaw was found in Ansible where a user\u0027s controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:07:16.802Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7773"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5764"
},
{
"name": "RHBZ#2247629",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247629"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-02T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-11-02T12:57:00.000Z",
"value": "Made public."
}
],
"title": "Ansible: template injection",
"x_redhatCweChain": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5764",
"datePublished": "2023-12-12T22:01:33.467Z",
"dateReserved": "2023-10-25T10:27:46.601Z",
"dateUpdated": "2025-11-20T18:07:16.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-6709 (GCVE-0-2023-6709)
Vulnerability from cvelistv5 – Published: 2023-12-12 04:05 – Updated: 2024-10-08 19:52
VLAI
Title
Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow
Summary
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
Severity
10 (Critical)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mlflow | mlflow/mlflow |
Affected:
unspecified , < 2.9.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:14.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/9e4cc07b-6fff-421b-89bd-9445ef61d34d"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mlflow/mlflow/commit/432b8ccf27fd3a76df4ba79bb1bec62118a85625"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6709",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T19:52:15.727038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T19:52:57.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mlflow/mlflow",
"vendor": "mlflow",
"versions": [
{
"lessThan": "2.9.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T04:05:45.542Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/9e4cc07b-6fff-421b-89bd-9445ef61d34d"
},
{
"url": "https://github.com/mlflow/mlflow/commit/432b8ccf27fd3a76df4ba79bb1bec62118a85625"
}
],
"source": {
"advisory": "9e4cc07b-6fff-421b-89bd-9445ef61d34d",
"discovery": "EXTERNAL"
},
"title": "Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2023-6709",
"datePublished": "2023-12-12T04:05:45.542Z",
"dateReserved": "2023-12-12T04:05:31.022Z",
"dateUpdated": "2024-10-08T19:52:57.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6743 (GCVE-0-2023-6743)
Vulnerability from cvelistv5 – Published: 2024-05-29 04:30 – Updated: 2026-04-08 16:42
VLAI
Title
Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import
Summary
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server.
Severity
8.8 (High)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unitecms | Unlimited Elements For Elementor |
Affected:
0 , ≤ 1.5.89
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25f71a19-85b1-4bc9-b193-d9de2eba81ee?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_output.class.php#L1765"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/core/plugins/unlimited_elements/elementor/elementor_widget.class.php#L3948"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3010986/unlimited-elements-for-elementor#file6"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3015166/unlimited-elements-for-elementor"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:unitecms:unlimited_elements_for_elementor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "unlimited_elements_for_elementor",
"vendor": "unitecms",
"versions": [
{
"lessThanOrEqual": "1.5.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T17:57:15.779347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T18:03:42.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Unlimited Elements For Elementor",
"vendor": "unitecms",
"versions": [
{
"lessThanOrEqual": "1.5.89",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nex Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and above, to execute code on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:42:32.886Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25f71a19-85b1-4bc9-b193-d9de2eba81ee?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_output.class.php#L1765"
},
{
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/core/plugins/unlimited_elements/elementor/elementor_widget.class.php#L3948"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3010986/unlimited-elements-for-elementor#file6"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3015166/unlimited-elements-for-elementor"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-28T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Unlimited Elements for Elementor \u003c= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6743",
"datePublished": "2024-05-29T04:30:13.621Z",
"dateReserved": "2023-12-12T16:25:42.382Z",
"dateUpdated": "2026-04-08T16:42:32.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.
Mitigation
Phase: Implementation
Description:
- Use the template engine's sandbox or restricted mode, if available.
No CAPEC attack patterns related to this CWE.