GitHub_MCVELIST:CVE-2023-34448CVE-2023-34448 Grav Server-side Template Injection (SSTI) via Twig Default Filters
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.6%
Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default filter() function, did not block other built-in functions exposed by Twig’s Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig map() and reduce() filter functions in system/src/Grav/Common/Twig/Extension/GravExtension.php to validate the argument passed to the filter in $arrow.
CNA Affected
[
{
"vendor": "getgrav",
"product": "grav",
"versions": [
{
"version": "< 1.7.42",
"status": "affected"
}
]
}
]References
github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8
github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8
github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148
huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.6%