Lucene search
K

6 matches found

OSV
OSV
added 2022/03/07 12:0 a.m.149 views

GHSA-PH3V-2HQ5-5QFQ Code injection in RazorEngine

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8CVSS9.6AI score0.01832EPSS
Exploits2References3
OSV
OSV
added 2022/03/06 6:15 a.m.33 views

CVE-2021-46703

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8CVSS9.6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/06 6:15 a.m.5 views

CVE-2021-46703

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8CVSS8.1AI score0.01832EPSS
Exploits2References2
Prion
Prion
added 2022/03/06 6:15 a.m.15 views

Code injection

UNSUPPORTED WHEN ASSIGNED In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer...

7.5CVSS9.6AI score0.01832EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/03/06 5:29 a.m.17 views

CVE-2021-46703

In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...

9.8AI score0.01832EPSS
Exploits2References1
CVE
CVE
added 2022/03/06 5:29 a.m.140 views

CVE-2021-46703

CVE-2021-46703 affects Antaris RazorEngine (IsolatedRazorEngine component) up to version 4.5.1-alpha001. The vulnerability allows an attacker to execute arbitrary .NET code in a sandboxed environment when template contents can be externally controlled, effectively escaping the sandbox. A public e...

9.8CVSS9.5AI score0.01832EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder