Lucene search
Veracode Vulnerability DatabaseVERACODE:32850HistoryNov 09, 2021 - 8:20 a.m.
Arbitrary Code Execution
2021-11-0908:20:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.002 Low
EPSS
Percentile
60.8%
neoan3-apps/template is vulnerable to arbitrary code execution (RCE) attacks. An attacker could execute global or local functions & methods by storing particular values into the database via closures that are known to be eventually rendered by the template engine resulting in arbitrary code execution attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| neoan3-apps/template | le | 1.1.0 | |
| neoan3-apps/template | le | 1.1.0 |
References
github.com/sroehrl/neoan3-template/commit/47269808fac28354fa20c77bec29919967cc4830
github.com/sroehrl/neoan3-template/commit/4a2c9570f071d3c8f4ac790007599cba20e16934
github.com/sroehrl/neoan3-template/issues/8
github.com/sroehrl/neoan3-template/pull/9
github.com/sroehrl/neoan3-template/security/advisories/GHSA-3v56-q6r6-4gcw
Related
cve
cve
CVE-2021-41170
2021-11-08 19:15:07
osv
osv
Insecure Inherited Permissions in neoan3-apps/template
2021-11-10 16:41:08
CVE-2021-41170
2021-11-08 19:15:07
cvelist
cvelist
nvd
nvd
CVE-2021-41170
2021-11-08 19:15:07
prion
prion
Hardcoded credentials
2021-11-08 19:15:00
github
github
Insecure Inherited Permissions in neoan3-apps/template
2021-11-10 16:41:08