Lucene search
Veracode Vulnerability DatabaseVERACODE:27975HistoryNov 24, 2020 - 7:31 a.m.
Sandbox Escape
2020-11-2407:31:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.0004 Low
EPSS
Percentile
12.7%
October is vulnerable to arbitrary code execution. An authenticated backend user with cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions is allowed to write malicious Twig code leading to an escape from sandbox even if cms.enableSafeMode is set. This vulnerability is a bypass of the fix applied for CVE-2020-15247.
| CPE | Name | Operator | Version |
|---|---|---|---|
| october/october | eq | 1.1.0 | |
| october/october | le | 1.0.469 | |
| october/cms | eq | 1.1.0 | |
| october/cms | le | 1.0.469 |
Related
osv
osv
Bypass of fix for CVE-2020-15247, Twig sandbox escape
2020-11-23 20:54:18
CVE-2020-26231
2020-11-23 21:15:12
CVE-2021-21264
2021-05-03 16:15:07
cve
cve
cvelist
cvelist
CVE-2020-26231 Bypass of fix for CVE-2020-15247, Twig sandbox escape
2020-11-23 20:55:14
CVE-2021-21264 Bypass of fix for CVE-2020-26231, Twig sandbox escape
2021-05-03 16:00:18
nvd
nvd
github
github
Bypass of fix for CVE-2020-15247, Twig sandbox escape
2020-11-23 20:54:18
Bypass of fix for CVE-2020-26231, Twig sandbox escape
2021-05-04 17:42:33
prion
prion
Design/Logic Flaw
2020-11-23 21:15:00
Design/Logic Flaw
2021-05-03 16:15:00
Double free
2020-11-23 20:15:00
veracode
veracode
Arbitrary Code Execution
2020-11-24 01:52:25
Sandbox Escape
2021-05-04 02:05:30