Grav 跨站脚本漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a cross-site scripting vulnerability. This...

EUVD-2024-0770

Malicious code in bioql PyPI...

PT-2024-22273 · Grav · Grav

Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.45 Description: The issue arises due to unrestricted access to the twig extension class from the Grav context, allowing an attacker to redefine config variables and bypass previous SSTI mitigation. This can lead to...