CVE-2021-23803
The CVE affects latte/latte before 2.10.6. A bypass of allowFunctions is possible by inserting control characters (x00–x08) after a function, which bypasses the template restrictions and can compromise application security. The documents do not provide a vendor patch/version remediation; no expli...