Veracode Vulnerability DatabaseVERACODE:40965Server-Side Template Injection (SSTI)
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.6%
getgrav/grav is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists because the Filter function of GravExtension.php does not properly block the other built-in functions exposed by Twig’s Core Extension, which allows an attacker to invoke arbitrary unsafe functions, leading to remote code execution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| getgrav/grav | le | 1.7.41.2 | |
| getgrav/grav | le | 1.7.41.2 |
References
github.com/advisories/GHSA-whr7-m3f8-mpm8
github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8
github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83#diff-a85d37d04dd05856c061a673dcedb849de79194bb315500bd681fb001484d644R1694
github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8
github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148
huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/
www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.008 Low
EPSS
Percentile
81.6%