99 matches found
PT-2023-12153 · Jfinal · Jfinal
Name of the Vulnerable Software and Affected Versions: jFinal version 4.9.08. Description: A Server-Side Template Injection (SSTI) issue allows a remote attacker to execute arbitrary code via the template function. This enables the attacker to potentially gain control over the server. Recommendation...
CVE-2021-31635
CVE-2021-31635: JFinal v4.9.08 contains a Server-Side Template Injection (SSTI) flaw in the template function that allows remote code execution. The NVD entry assigns a critical 9.8 base score (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Public references and distributor entries (Red Hat, Veracode, GH...
SUSE CVE-2021-23358
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized...
PT-2022-24984 · WordPress · Ultimate Member Plugin
Name of the Vulnerable Software and Affected Versions: Ultimate Member Plugin versions up to 2.5.0. Description: A critical issue has been found in the Template Handler component, specifically affecting the load template function of the file includes/core/class-shortcodes.php. The manipulation of...
Zinc Delete Template Function Cross-Site Scripting Vulnerability
Zinc is a full-text indexing search engine open sourced by Zinc Labs. Zinc versions v0.1.9 through v0.3.1 have a cross-site scripting vulnerability that attackers can exploit to obtain sensitive information such as user credentials...
nodejs-underscore: Arbitrary code execution via the template function
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Mobile web: upgrade Underscore.js to 1.13.1 or higher
Issue Summary: The mobile web view in Confluence is currently using underscore.js 1.3.3. However, it is affected by CVE-2021-23358: The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template functio...
Arbitrary Code Injection
smarty/smarty is vulnerable to arbitrary code injection. The vulnerability exists due to incorrect logic in block name and include file name assignments in setting buffer for template function which allows an attacker to inject and execute malicious code...
GHSA-PHWQ-J96M-2C2Q ejs template injection vulnerability
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command which is executed upon template...
Atlassian Jira Remote Code Execution Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to a remote code execution vulnerability that originates when a networked system or product does not properly validate incoming data. An attacker could use this vulnerability to execute...
Atlassian Jira Security Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to a remote code execution vulnerability that originates when a networked system or product does not properly validate incoming data. An attacker could use this vulnerability to execute...
Withdrawn: Arbitrary code execution in lodash
Withdrawn: GitHub has chosen to publish this CVE as a withdrawn advisory due to it not being a security issue. See this issue for more details. CVE description: "DISPUTED: A command injection vulnerability in Lodash 4.17.21 allows attackers to achieve arbitrary code execution via the template...
Lodash command injection vulnerability
Lodash is an open source JavaScript utility library. A command injection vulnerability exists in Lodash 4.17.21, which can be exploited by attackers to execute arbitrary code via a template function...
CVE-2021-41720
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2021-41720
Removed by vendor...
Identifier Withdrawn
Lodash is an open source JavaScript utility library. A command injection vulnerability exists in Lodash 4.17.21, which can be exploited by attackers to execute arbitrary code via a template function...
nodejs-underscore: Arbitrary code execution via the template function
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
MGASA-2021-0269 Updated puddletag packages fix security vulnerability
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized (CVE-2021-23358)...
Updated puddletag packages fix security vulnerability
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized (CVE-2021-23358)...
CVE-2021-23358 - Need to upgrade Underscore.js to 1.13.1 or higher
Issue Summary: Jira system is currently using underscore.js 1.9.1. However, it is affected by CVE-2021-23358 (https://vulners.com/cve/CVE-2021-23358): The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the...