Lucene search
GitHub_MCVELIST:CVE-2020-11056HistoryMay 07, 2020 - 8:50 p.m.
CVE-2020-11056 Potential Code Injection in Sprout Forms
2020-05-0720:50:12
CWE-94
GitHub_M
www.cve.org
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
31.2%
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0.
CNA Affected
[
{
"product": "Sprout Forms",
"vendor": "barrelstrength",
"versions": [
{
"status": "affected",
"version": "< 3.9.0"
}
]
}
]Related
cve
cve
CVE-2020-11056
2020-05-07 21:15:11
osv
osv
CVE-2020-11056
2020-05-07 21:15:11
Potential Code Injection in Sprout Forms
2020-05-08 21:00:02
nvd
nvd
CVE-2020-11056
2020-05-07 21:15:11
github
github
Potential Code Injection in Sprout Forms
2020-05-08 21:00:02
veracode
veracode
Server-Side Template Injection (SSTI)
2020-05-08 05:10:53
prion
prion
Template injection
2020-05-07 21:15:00
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
31.2%
Related for CVELIST:CVE-2020-11056