2 matches found
CVE-2023-37897
creationtimestamp| type| source ---|---|--- 2023-07-19 00:36:16+00:00| seen| https://t.me/cibsecurity/66958...
CVE-2023-37897
Grav SSTI CVE-2023-37897 affects Grav’s Twig engine due to a denial-list bypass introduced in the fix for a prior SSTI vulnerability. The isDangerousFunction() function returns false when a backslash is found, allowing payloads such as {{ ['id'] | map('\system') | join() }} to bypass the denylist...