EPSS
Percentile
30.1%
The problem affects users who use the sandbox in Latte and templates from untrusted sources.
Sandbox first appeared in Latte 2.8.0. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8.
The issues were discovered by
github.com/nette/latte
github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0
github.com/nette/latte/security/advisories/GHSA-36m2-8rhx-f36j
nvd.nist.gov/vuln/detail/CVE-2022-21648