4 matches found
CVE-2022-37767
Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...
ai.djl.timeseries:timeseries (>=0.19.0 <=0.32.0), cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.7.0) +289 more potentially affected by CVE-2022-37767 via io.pebbletemplates:pebble (>=2.5.0 <=3.1.5)
io.pebbletemplates:pebble MAVEN version =2.5.0, =0.19.0, =0.1.5, =0.3.0, =0.1.0, =4.1.0, =6.5.1, =6.0.0, =12.0.0-beta, =12.0.0-beta, =16.0.9 and more Source cves: CVE-2022-37767 Source advisory: OSV:GHSA-WXX5-W9JC-48WX...
CVE-2022-37767
Pebble Templates 3.1.5 is described as vulnerable to bypassing a protection mechanism that could enable arbitrary code execution via springbok. The root cause cited by multiple sources is improper validation/handling of allowed methods (e.g., BlacklistMethodAccessValidator) within the templating ...
CVE-2022-37767
Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...