2 matches found
CVE-2026-48708
OliveTin is affected by a race condition in the template engine. In versions up to 3000.0.0, a single shared text/template.Template instance (tpl) is used across all goroutines, and actions perform tpl.Parse(source) followed by t.Execute() without synchronization. Under concurrent ExecRequests, t...
CVE-2026-48708 OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination
OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls...