6 matches found
jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine
Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...
EUVD-2019-9587
Malware in sbrugna...
CVE-2019-19999
Halo before 1.2.0-beta.1 allows Server Side Template Injection SSTI because TemplateClassResolver.SAFERRESOLVER is not used in the FreeMarker configuration...
Design/Logic Flaw
Halo before 1.2.0-beta.1 allows Server Side Template Injection SSTI because TemplateClassResolver.SAFERRESOLVER is not used in the FreeMarker configuration...
CVE-2019-19999
Halo before 1.2.0-beta.1 allows Server Side Template Injection SSTI because TemplateClassResolver.SAFERRESOLVER is not used in the FreeMarker configuration...
CVE-2019-19999
Halo prior to 1.2.0-beta.1 is vulnerable to Server Side Template Injection (SSTI) because FreeMarker configuration does not use TemplateClassResolver.SAFER_RESOLVER. The issue affects Halo’s template handling and can allow injection via SSTI in untrusted template processing. Affected: Halo versio...