5 matches found
CVE-2026-2415
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...
GHSA-R8P8-QW9W-J9QV pretix unsafely evaluates variables in emails
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate informati...
PYSEC-2026-110
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...
CVE-2026-2415 Unsafe variable evaluation in email templates
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...
CVE-2026-2415
The CVE-2026-2415 affects pretix email templates where placeholders are rendered insecurely. Two issues are described: (1) information exfiltration via malicious placeholder names (e.g., {{event.init .code .co_filename}}) that can leak config data, including passwords or API keys, due to incomple...