AI Score: 6.8 Medium (Confidence: High)

CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

EPSS: 0.057 Low (Percentile: 93.3%)

JWIG might allow context-dependent attackers to cause a denial of service (service degradation) via loops of references to external templates. NOTE: this issue has been disputed by multiple third parties who state that only the application developer can trigger the issue, so no privilege boundaries are crossed. However, it seems possible that this is a vulnerability class to which a JWIG application may be vulnerable if template contents can be influenced, but this would be an issue in the application itself, not JWIG.

CPE | Name | Operator | Version |
---|---|---|---|
brics:jwig | brics jwig | eq | * |
lists.grok.org.uk/pipermail/full-disclosure/2007-July/064768.html
lists.grok.org.uk/pipermail/full-disclosure/2007-July/064933.html
seclists.org/bugtraq/2007/Jul/0206.html
seclists.org/fulldisclosure/2007/Jul/0446.html
seclists.org/fulldisclosure/2007/Jul/0451.html
www.secniche.org/papers/HackAnnotationsInJWIG.pdf
www.securityfocus.com/archive/1/473707/100/0/threaded
www.securityfocus.com/archive/1/474474/100/200/threaded
www.securityfocus.com/bid/24974
www.securitytracker.com/id?1018432
exchange.xforce.ibmcloud.com/vulnerabilities/35515