Lucene search
GoogleOSV:GHSA-36M2-8RHX-F36JHistoryJan 06, 2022 - 11:17 p.m.
Sandbox bypass in Latte templates
2022-01-0623:17:07
Google
osv.dev
11
latte templates
sandbox bypass
untrusted sources
jinyitong
θ΅΅ι°θΏͺ
software
EPSS
0.001
Percentile
30.1%
Impact
The problem affects users who use the sandbox in Latte and templates from untrusted sources.
Patches
Sandbox first appeared in Latte 2.8.0. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8.
References
The issues were discovered by
- JinYiTong (https://github.com/JinYiTong)
- θ΅΅ι°θΏͺ <[email protected]>
Related
prion
prion
Design/Logic Flaw
2022-01-04 20:15:00
cve
cve
CVE-2022-21648
2022-01-04 20:15:08
nvd
nvd
CVE-2022-21648
2022-01-04 20:15:08
cnvd
cnvd
Latte Cross-Site Scripting Vulnerability
2022-01-06 00:00:00
ubuntucve
ubuntucve
CVE-2022-21648
2022-01-04 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2022-01-05 05:42:02
debiancve
debiancve
CVE-2022-21648
2022-01-04 20:15:00
github
github
Sandbox bypass in Latte templates
2022-01-06 23:17:07
osv
osv
CVE-2022-21648
2022-01-04 20:15:08
cvelist
cvelist
CVE-2022-21648 Sandbox bypass in Latte templates
2022-01-04 20:10:11