CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

66 matches found

CNVD•added 2019/01/04 12:0 a.m.•1 views

Unspecified vulnerability in Jinjava

Jinjava is a Java-based Jinja template engine . A security vulnerability exists in Jinjava versions prior to 2.4.6. No details of the vulnerability are provided at this time...

5.3CVSS9.2AI score0.00453EPSS

Exploits0References1

OSV•added 2019/01/03 1:29 a.m.•1 views

CVE-2018-18893

Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java...

5.3CVSS7.3AI score0.00453EPSS

Exploits0References2

NVD•added 2019/01/03 1:29 a.m.•13 views

CVE-2018-18893

Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java...

5.3CVSS6.3AI score0.00453EPSS

Exploits0References2

Prion•added 2019/01/03 1:29 a.m.•11 views

Design/Logic Flaw

Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java...

5CVSS5.5AI score0.00453EPSS

Exploits0References2Affected Software1

CVE•added 2019/01/03 1:0 a.m.•76 views

CVE-2018-18893

CVE-2018-18893 affects Jinjava up to version 2.4.5; the vulnerability arises because JinjavaBeanELResolver does not block getClass, enabling potential attacker-controlled object types to influence evaluation. Public references (GHSA, OSV, Veracode) describe risks of remote code execution or arbit...

5.3CVSS5.5AI score0.00453EPSS

Exploits0References2Affected Software1