This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.
CPE | Name | Operator | Version |
---|---|---|---|
latte/latte | eq | 2.5.2 | |
latte/latte | eq | 2.2.9 | |
latte/latte | eq | 2.2.2 | |
latte/latte | eq | 2.8.4 | |
latte/latte | eq | 2.3.2 | |
latte/latte | eq | 2.4.3 | |
latte/latte | eq | 2.4.7 | |
latte/latte | eq | 2.10.2 | |
latte/latte | eq | 2.2.4 | |
latte/latte | eq | 2.4.2 |