5 matches found
ai.djl.timeseries:timeseries (>=0.19.0 <=0.33.0), cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.7.0) +482 more potentially affected by CVE-2025-1686 +1 more via io.pebbletemplates:pebble (>=2.5.0 <=3.2.3)
io.pebbletemplates:pebble (Maven). Versions: =2.5.0, =0.19.0, =0.1.5, =0.3.0, =0.1.0, =4.1.0, =16.5.0, =6.5.1, =6.0.0, =12.0.0-beta, =16.0.9 and more. Source CVEs: CVE-2025-1686, CVE-2025-27137. Source advisory: OSV:GHSA-P75G-CXFJ-7WRX...
CVE-2025-1686
A flaw was found in Pebble Templates. This vulnerability allows high-privileged attackers to access sensitive local files via the include tag, enabling arbitrary file inclusion. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...
CVE-2025-1686
All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or...
CVE-2025-1686
Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...
CVE-2025-1686
CVE-2025-1686 affects io.pebbletemplates:pebble across all versions, enabling External Control of File Name or Path via the include tag. The root cause is the include macro resolving the provided relativePath against the template name, which for literal templates can resolve to the filesystem roo...