Lucene search
+L

4 matches found

vulnersOsv
vulnersOsv
added 2025/02/28 7:45 p.m.5 views

ai.djl.timeseries:timeseries (>=0.19.0 <=0.33.0), cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.7.0) +482 more potentially affected by CVE-2025-1686 +1 more via io.pebbletemplates:pebble (>=2.5.0 <=3.2.3)

io.pebbletemplates:pebble MAVEN version =2.5.0, =0.19.0, =0.1.5, =0.3.0, =0.1.0, =4.1.0, =16.5.0, =6.5.1, =6.0.0, =12.0.0-beta, =16.0.9 and more Source cves: CVE-2025-1686, CVE-2025-27137 Source advisory: OSV:GHSA-P75G-CXFJ-7WRX...

6.8CVSS6.7AI score0.00782EPSS
Exploits1
NVD
NVD
added 2025/02/24 9:15 p.m.7 views

CVE-2025-27137

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEMCONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...

4.4CVSS0.00175EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/02/24 8:59 p.m.14 views

CVE-2025-27137 Dependency-Track vulnerable to local file inclusion via custom notification templates

Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEMCONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...

4.4CVSS0.00175EPSS
Exploits0References6
CVE
CVE
added 2025/02/24 8:59 p.m.60 views

CVE-2025-27137

Summary: CVE-2025-27137 affects Dependency-Track where templates are evaluated with Pebble and can be manipulated via the include tag. Prior to version 4.12.6, users with the SYSTEM_CONFIGURATION permission could exploit include to read arbitrary local files (e.g., /etc/passwd, /proc/1/environ) b...

4.4CVSS6.5AI score0.00175EPSS
Exploits0References6
Rows per page
Query Builder