Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-21648HistoryJan 04, 2022 - 8:15 p.m.
CVE-2022-21648
2022-01-0420:15:00
Debian Security Bug Tracker
security-tracker.debian.org
4
0.001 Low
EPSS
Percentile
26.4%
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | php-nette | < 2.4-20160731-1 | php-nette_2.4-20160731-1_all.deb |
Related
cve
cve
CVE-2022-21648
2022-01-04 20:15:08
osv
osv
Sandbox bypass in Latte templates
2022-01-06 23:17:07
CVE-2022-21648
2022-01-04 20:15:08
nvd
nvd
CVE-2022-21648
2022-01-04 20:15:08
veracode
veracode
Cross-site Scripting (XSS)
2022-01-05 05:42:02
cvelist
cvelist
CVE-2022-21648 Sandbox bypass in Latte templates
2022-01-04 20:10:11
github
github
Sandbox bypass in Latte templates
2022-01-06 23:17:07
ubuntucve
ubuntucve
CVE-2022-21648
2022-01-04 00:00:00
cnvd
cnvd
Latte Cross-Site Scripting Vulnerability
2022-01-06 00:00:00
prion
prion
Design/Logic Flaw
2022-01-04 20:15:00