Lucene search
Veracode Vulnerability DatabaseVERACODE:28822HistoryDec 28, 2020 - 2:02 a.m.
Server-Side Template Injection
2020-12-2802:02:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.056 Low
EPSS
Percentile
93.3%
browserup-proxy is vulnerable to server-side template injection. The vulnerability exists through the lack of sanitization of value when displaying error messages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| browserup-proxy-rest | le | 2.1.1 |
References
github.com/advisories/GHSA-wmfg-55f9-j8hq
github.com/browserup/browserup-proxy/commit/4b38e7a3e20917e5c3329d0d4e9590bed9d578ab
github.com/browserup/browserup-proxy/releases/tag/v2.1.2
github.com/browserup/browserup-proxy/security/advisories/GHSA-wmfg-55f9-j8hq
securitylab.github.com/research/bean-validation-RCE
Related
veracode
veracode
Remote Code Execution (RCE)
2020-12-28 04:31:45
cvelist
cvelist
CVE-2020-26282 Template Injection in BrowserUp Proxy
2020-12-24 20:45:18
osv
osv
CVE-2020-26282
2020-12-24 21:15:12
Server-Side Template Injection
2020-12-24 20:49:34
cve
cve
CVE-2020-26282
2020-12-24 21:15:12
prion
prion
Remote code execution
2020-12-24 21:15:00
nvd
nvd
CVE-2020-26282
2020-12-24 21:15:12
github
github
Server-Side Template Injection
2020-12-24 20:49:34