10 matches found
EUVD-2020-0435
Malware in sbrugna...
CVE-2020-11056
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
Potential Code Injection in Sprout Forms
Impact A potential Server-Side Template Injection vulnerability exists in Sprout Forms which could lead to the execution of Twig code. Patches The problem is fixed inbarrelstrength/sprout-forms:v3.9.0 which upgrades to barrelstrength/sprout-base-email:v1.2.7 Workarounds Users unable to upgrade...
GHSA-PX8V-HXXX-2RGH Potential Code Injection in Sprout Forms
Impact A potential Server-Side Template Injection vulnerability exists in Sprout Forms which could lead to the execution of Twig code. Patches The problem is fixed inbarrelstrength/sprout-forms:v3.9.0 which upgrades to barrelstrength/sprout-base-email:v1.2.7 Workarounds Users unable to upgrade...
Sprout Forms Code Injection Vulnerability
Sprout Forms is a form builder plugin. A code injection vulnerability exists in Sprout Forms versions prior to 3.9.0. An attacker can exploit this vulnerability to execute Twig code...
CVE-2020-11056
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
CVE-2020-11056
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
Template injection
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
CVE-2020-11056 Potential Code Injection in Sprout Forms
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
CVE-2020-11056
In Sprout Forms below version 3.9.0, there is a Server-Side Template Injection vulnerability when using custom fields in Notification Emails that can lead to execution of Twig code. Root cause: unsafely interpolating user-controlled fields in email templates, enabling Twig execution. Impact descr...