Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:54 a.m.11 views

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

9.9CVSS8AI score0.01031EPSS
Exploits0References1
Veracode
Veracode
added 2024/06/13 4:43 a.m.19 views

Server-side Template Injection (SSTI)

documentmergeservice is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to insufficient input sanitization and validation in the handling of templates within the Document Merge Service, which allows attackers to inject malicious code into templates, which is then...

9.9CVSS7.1AI score0.01031EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/06/11 7:16 p.m.30 views

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

7.2CVSS0.01031EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/06/11 6:34 p.m.14 views

CVE-2024-37301 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

7.2CVSS8AI score0.01031EPSS
Exploits0References2
CVE
CVE
added 2024/06/11 6:34 p.m.90 views

CVE-2024-37301

Document Merge Service (versions ≤ 6.5.1) is vulnerable to remote code execution via server-side template injection (SSTI). The root cause is insufficient input sanitization/validation in template handling, allowing an attacker to execute code with the document-merge-server user (UID 901) and pot...

7.2CVSS9.9AI score0.01031EPSS
Exploits0References2
OSV
OSV
added 2024/06/11 6:34 p.m.15 views

CVE-2024-37301 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

7.2CVSS9.4AI score0.01031EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/11 12:0 a.m.5 views

PT-2024-27459

Name of the Vulnerable Software and Affected Versions Document Merge Service versions 6.5.1 and prior Description The issue allows for remote code execution via server-side template injection, which can result in full takeover of the affected system when executed as root. This gives an attacker...

7.2CVSS8.9AI score0.01031EPSS
Exploits0References13
Rows per page
Query Builder