7 matches found
EUVD-2025-5076
Malicious code in bioql PyPI...
Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro
Summary: If untrusted user input is used to dynamically create a PebbleTemplate with the method PebbleEngine#getLiteralTemplate, then an attacker can include arbitrary local files from the file system into the generated template, leaking potentially sensitive information into the output of...
ai.djl.timeseries:timeseries (>=0.19.0 <=0.36.0), cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.7.0) +575 more potentially affected by CVE-2025-1686 via io.pebbletemplates:pebble (>=2.5.0 <=4.1.1)
io.pebbletemplates:pebble (Maven) versions =2.5.0, =0.19.0, =0.1.5, =0.3.0, =0.1.0, =2.5.0, =2.5.0, =4.1.0, =16.5.0, =16.6.0 and more. Source CVEs: CVE-2025-1686. Source advisory: SNYK:JAVA-IOPEBBLETEMPLATES-8745594...
CVE-2025-27137
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEMCONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...
CVE-2025-27137 Dependency-Track vulnerable to local file inclusion via custom notification templates
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEMCONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...
Dependency-Track security vulnerability
Dependency-Track is an open source supply chain component analysis platform for identifying third-party component risks. A security vulnerability exists in Dependency-Track versions prior to 4.12.6, which stems from improper handling of include tags in the Pebb...