31 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-3096

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.0013
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 1:2 a.m. | 5 views

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...

CVSS 9.8 | AI score 7.8 | EPSS 0.00977
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 8:27 a.m. | 8 views

CVE-2019-19899

Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism intended to block access to instances of java.lang.Class because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature...

CVSS 9.8 | AI score 6.8 | EPSS 0.0013
Exploits: 1 | References: 1

OSV
added 2025/02/28 7:45 p.m. | 0 views

GHSA-P75G-CXFJ-7WRX Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro

Summary: If untrusted user input is used to dynamically create a PebbleTemplate with the method PebbleEngine#getLiteralTemplate, then an attacker can include arbitrary local files from the file system into the generated template, leaking potentially sensitive information into the output of...

CVSS 7 | AI score 6 | EPSS 0.00194
Exploits: 1 | References: 9

ATTACKERKB
added 2025/02/27 5:15 a.m. | 1 view

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

CVSS 6.8 | AI score 6.6 | EPSS 0.00194
Exploits: 1 | References: 6

OSV
added 2025/02/27 5:15 a.m. | 2 views

CVE-2025-1686

All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or...

CVSS 4.9 | AI score 5.8
Exploits: 0 | References: 5

Vulnrichment
added 2025/02/27 5:0 a.m. | 4 views

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

CVSS 6.8 | AI score 6.6 | EPSS 0.00194
Exploits: 1 | References: 5

CVE
added 2025/02/27 5:0 a.m. | 65 views

CVE-2025-1686

CVE-2025-1686 affects io.pebbletemplates:pebble across all versions, enabling External Control of File Name or Path via the include tag. The root cause is the include macro resolving the provided relativePath against the template name, which for literal templates can resolve to the filesystem roo...

CVSS 6.8 | AI score 6.6 | EPSS 0.00194
Exploits: 1 | References: 6 | Affected Software: 1

AlpineLinux
added 2025/02/27 5:0 a.m. | 3 views

CVE-2025-1686

Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...

CVSS 6.8 | AI score 6.6 | EPSS 0.00194
Exploits: 1 | References: 6

Positive Technologies
added 2025/02/27 12:0 a.m. | 2 views

PT-2025-8914

Name of the Vulnerable Software and Affected Versions: io.pebbletemplates:pebble, affected versions not specified. Description: The issue allows an attacker to control file names or paths via the include tag, potentially accessing sensitive local files like /etc/passwd or /proc/1/environ by...

CVSS 6.8 | AI score 6.7 | EPSS 0.00194
Exploits: 1 | References: 16

CNNVD
added 2025/02/27 12:0 a.m. | 0 views

Pebble Security Vulnerability

Pebble is a Java template engine open-sourced by PebbleTemplates. A security vulnerability exists in Pebble that stems from easy external control of file names or paths via include tags, which allows an elevated-privilege attacker to access sensitive local files by crafting malicious notification...

CVSS 6.8 | AI score 6.2 | EPSS 0.00194
Exploits: 1 | References: 5

Snyk
added 2025/02/24 9:40 p.m. | 2 views

External Control of File Name or Path

Overview: io.pebbletemplates:pebble is a Java templating engine inspired by Twig. Affected versions of this package are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates...

CVSS 6.8 | AI score 6.3 | EPSS 0.00194
Exploits: 1 | References: 2

vulnersOsv
added 2025/02/24 9:40 p.m. | 1 view

ai.djl.timeseries:timeseries (>=0.19.0 <=0.36.0), cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.7.0) +580 more potentially affected by CVE-2025-1686 via io.pebbletemplates:pebble (>=2.5.0 <=4.1.2)

io.pebbletemplates:pebble MAVEN version =2.5.0, =0.19.0, =0.1.5, =0.3.0, =0.1.0, =2.5.0, =2.5.0, =4.1.0, =16.5.0, =16.6.0 and more Source cves: CVE-2025-1686 Source advisory: SNYK:JAVA-IOPEBBLETEMPLATES-8745594...

CVSS 6.8 | AI score 6.6 | EPSS 0.00194
Exploits: 1

Veracode
added 2022/09/16 11:57 a.m. | 43 views

Arbitrary Code Execution Via Authorization Bypass

Pebble Templates is vulnerable to arbitrary code execution via authorization bypass. The vulnerability exists in BlacklistMethodAccessValidator.java because the methods that are allowed to be accessed by Pebble are not properly handled, which allows an attacker to bypass and execute arbitrary code...

CVSS 9.8 | AI score 9.6 | EPSS 0.00977
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/09/13 12:0 a.m. | 3 views

GHSA-WXX5-W9JC-48WX Pebble Templates protection mechanism bypass can lead to arbitrary code execution

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok...

CVSS 9.8 | AI score 7.7 | EPSS 0.00977
Exploits: 1 | References: 3

Github Security Blog
added 2022/09/13 12:0 a.m. | 20 views

Pebble Templates protection mechanism bypass can lead to arbitrary code execution

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok...

CVSS 9.8 | AI score 9.4 | EPSS 0.00977
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2022/09/12 2:15 p.m. | 3 views

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...

CVSS 9.8 | AI score 9.8
Exploits: 0 | References: 2

ATTACKERKB
added 2022/09/12 2:15 p.m. | 2 views

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...

CVSS 9.8 | AI score 7.8 | EPSS 0.00977
Exploits: 1 | References: 3

NVD
added 2022/09/12 2:15 p.m. | 35 views

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...

CVSS 9.8 | EPSS 0.00977
Exploits: 1 | References: 2

Prion
added 2022/09/12 2:15 p.m. | 9 views

Input validation

DISPUTED Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not...

CVSS 7.5 | AI score 9.8 | EPSS 0.00977
Exploits: 1 | References: 2 | Affected Software: 1