Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:2 a.m.7 views

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...

9.8CVSS7.8AI score0.01093EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2022/09/13 12:0 a.m.8 views

ai.djl.timeseries:timeseries (>=0.19.0 <=0.32.0), cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.7.0) +289 more potentially affected by CVE-2022-37767 via io.pebbletemplates:pebble (>=2.5.0 <=3.1.5)

io.pebbletemplates:pebble MAVEN version =2.5.0, =0.19.0, =0.1.5, =0.3.0, =0.1.0, =4.1.0, =6.5.1, =6.0.0, =12.0.0-beta, =12.0.0-beta, =16.0.9 and more Source cves: CVE-2022-37767 Source advisory: OSV:GHSA-WXX5-W9JC-48WX...

9.8CVSS7.2AI score0.01093EPSS
Exploits1
CVE
CVE
added 2022/09/12 12:0 a.m.74 views

CVE-2022-37767

Pebble Templates 3.1.5 is described as vulnerable to bypassing a protection mechanism that could enable arbitrary code execution via springbok. The root cause cited by multiple sources is improper validation/handling of allowed methods (e.g., BlacklistMethodAccessValidator) within the templating ...

9.8CVSS9.8AI score0.01093EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/09/12 12:0 a.m.10 views

CVE-2022-37767

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from...

9.8CVSS9.8AI score0.01093EPSS
Exploits1References4
Rows per page
Query Builder