Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2021-23803HistoryDec 17, 2021 - 8:15 p.m.
CVE-2021-23803
2021-12-1720:15:00
Debian Security Bug Tracker
security-tracker.debian.org
6
0.003 Low
EPSS
Percentile
71.0%
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | php-nette | < 2.4-20160731-1 | php-nette_2.4-20160731-1_all.deb |
Related
cve
cve
CVE-2021-23803
2021-12-17 20:15:08
osv
osv
CVE-2021-23803
2021-12-17 20:15:08
Incorrect Authorization in latte/latte
2022-01-06 20:56:27
nvd
nvd
CVE-2021-23803
2021-12-17 20:15:08
github
github
Incorrect Authorization in latte/latte
2022-01-06 20:56:27
prion
prion
Authentication flaw
2021-12-17 20:15:00
cvelist
cvelist
CVE-2021-23803 Access Control Bypass
2021-12-17 00:00:00
ubuntucve
ubuntucve
CVE-2021-23803
2021-12-17 00:00:00