2 matches found
CVE-2022-21648
Latte (PHP template engine) versions since 2.8.0 expose a sandbox escape in the built-in template sandbox, allowing injection into HTML pages generated from Latte and potentially enabling XSS. The issue is confirmed by multiple sources and is fixed in version 2.8.8, 2.9.6, and 2.10.8. If upgradin...
CVE-2021-23803
The CVE affects latte/latte before 2.10.6. A bypass of allowFunctions is possible by inserting control characters (x00–x08) after a function, which bypasses the template restrictions and can compromise application security. The documents do not provide a vendor patch/version remediation; no expli...