5 matches found

vulnersOsv
added 2025/02/28 7:45 p.m., 4 views

ai.djl.timeseries:timeseries (>=0.19.0 <=0.33.0), cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.7.0) +482 more potentially affected by CVE-2025-1686 +1 more via io.pebbletemplates:pebble (>=2.5.0 <=3.2.3)

io.pebbletemplates:pebble MAVEN version =2.5.0, =0.19.0, =0.1.5, =0.3.0, =0.1.0, =4.1.0, =16.5.0, =6.5.1, =6.0.0, =12.0.0-beta, =16.0.9 and more Source cves: CVE-2025-1686, CVE-2025-27137 Source advisory: OSV:GHSA-P75G-CXFJ-7WRX...

CVSS 6.8, AI score 6.7, EPSS 0.00782
Exploits: 1
RedhatCVE
added 2025/02/27 8:58 a.m., 5 views

CVE-2025-1686

A flaw was found in Pebble Templates. This vulnerability allows high-privileged attackers to access sensitive local files via the include tag, enabling arbitrary file inclusion. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

CVSS 6.8, AI score 6.4, EPSS 0.00782
Exploits: 1, References: 7
OSV
added 2025/02/27 5:15 a.m., 5 views

CVE-2025-1686

All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or...

CVSS 4.9, AI score 5.8, EPSS 0.00782
Exploits: 1, References: 5
NVD
added 2025/02/27 5:15 a.m., 16 views

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

CVSS 6.8, EPSS 0.00782
Exploits: 1, References: 6
CVE
added 2025/02/27 5:0 a.m., 71 views

CVE-2025-1686

CVE-2025-1686 affects io.pebbletemplates:pebble across all versions, enabling External Control of File Name or Path via the include tag. The root cause is the include macro resolving the provided relativePath against the template name, which for literal templates can resolve to the filesystem roo...

CVSS 6.8, AI score 6.6, EPSS 0.00782
Exploits: 1, References: 6, Affected Software: 1