Lucene search
GitHub Advisory DatabaseGHSA-WXX5-W9JC-48WXHistorySep 13, 2022 - 12:00 a.m.
Pebble Templates protection mechanism bypass can lead to arbitrary code execution
2022-09-1300:00:39
CWE-863
GitHub Advisory Database
github.com
9
pebble templates
protection mechanism
bypass
arbitrary code execution
springbok
software
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.3%
Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok.
Affected configurations
Node
io.pebbletemplates\Matchpebble
| CPE | Name | Operator | Version |
|---|---|---|---|
| io.pebbletemplates:pebble | le | 3.1.5 |
Related
prion
prion
Input validation
2022-09-12 14:15:00
cve
cve
CVE-2022-37767
2022-09-12 14:15:09
osv
osv
nvd
nvd
CVE-2022-37767
2022-09-12 14:15:09
cvelist
cvelist
CVE-2022-37767
2022-09-12 00:00:00
veracode
veracode
Arbitrary Code Execution Via Authorization Bypass
2022-09-16 11:57:27
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.3%
Related for GHSA-WXX5-W9JC-48WX