7 matches found
CVE-2024-37301
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
Server-side Template Injection (SSTI)
documentmergeservice is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to insufficient input sanitization and validation in the handling of templates within the Document Merge Service, which allows attackers to inject malicious code into templates, which is then...
CVE-2024-37301
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
CVE-2024-37301 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
CVE-2024-37301
Document Merge Service (versions ≤ 6.5.1) is vulnerable to remote code execution via server-side template injection (SSTI). The root cause is insufficient input sanitization/validation in template handling, allowing an attacker to execute code with the document-merge-server user (UID 901) and pot...
CVE-2024-37301 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
PT-2024-27459
Name of the Vulnerable Software and Affected Versions Document Merge Service versions 6.5.1 and prior Description The issue allows for remote code execution via server-side template injection, which can result in full takeover of the affected system when executed as root. This gives an attacker...