CVE-2024-37301

Document Merge Service (versions ≤ 6.5.1) is vulnerable to remote code execution via server-side template injection (SSTI). The root cause is insufficient input sanitization/validation in template handling, allowing an attacker to execute code with the document-merge-server user (UID 901) and pot...