Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/05/05 10:15 p.m.5 views

jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine

Summary Description An Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse as template source. This affec...

6.2AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-9587

Malware in sbrugna...

7.2CVSS7AI score0.01512EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.6 views

CVE-2019-19999

Halo before 1.2.0-beta.1 allows Server Side Template Injection SSTI because TemplateClassResolver.SAFERRESOLVER is not used in the FreeMarker configuration...

7.2CVSS7.3AI score0.01512EPSS
Exploits1References1
Prion
Prion
added 2019/12/26 4:15 a.m.13 views

Design/Logic Flaw

Halo before 1.2.0-beta.1 allows Server Side Template Injection SSTI because TemplateClassResolver.SAFERRESOLVER is not used in the FreeMarker configuration...

6.5CVSS7.2AI score0.01512EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2019/12/26 3:38 a.m.17 views

CVE-2019-19999

Halo before 1.2.0-beta.1 allows Server Side Template Injection SSTI because TemplateClassResolver.SAFERRESOLVER is not used in the FreeMarker configuration...

7.2AI score0.01512EPSS
Exploits1References3
CVE
CVE
added 2019/12/26 3:38 a.m.54 views

CVE-2019-19999

Halo prior to 1.2.0-beta.1 is vulnerable to Server Side Template Injection (SSTI) because FreeMarker configuration does not use TemplateClassResolver.SAFER_RESOLVER. The issue affects Halo’s template handling and can allow injection via SSTI in untrusted template processing. Affected: Halo versio...

7.2CVSS7.1AI score0.01512EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder