Lucene search

Veracode Vulnerability DatabaseVERACODE:40972

HistoryJun 21, 2023 - 7:09 a.m.

Server-side Template Injection(SSTI)

2023-06-2107:09:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

server-side template injection

grav

twig

cve-2022-2073

validation checks

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.4%

JSON

getgrav/grav is vulnerable to Server-side Template Injection (SSTI). An authenticated remote attacker is able to cause server side template injection via the Twig engine which renders risky functions by default, such as system. Insufficient fix in addressing CVE-2022-2073 allows the bypass of the denylist in validation checks.

CPENameOperatorVersion
getgrav/gravle1.7.41.2
getgrav/gravle1.7.41.2

CPE	Name	Operator	Version
	getgrav/grav	le	1.7.41.2
	getgrav/grav	le	1.7.41.2

References

github.com/advisories/GHSA-j3v8-v77f-fvgm

github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1952-L2190

github.com/getgrav/grav/commit/244758d4383034fe4cd292d41e477177870b65ec

github.com/getgrav/grav/commit/71bbed12f950de8335006d7f91112263d8504f1b

github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8

github.com/getgrav/grav/commit/9d01140a63c77075ef09b26ef57cf186138151a5

github.com/getgrav/grav/security/advisories/GHSA-j3v8-v77f-fvgm

huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/

research.prod.srcclr.io/artifacts/36212

www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for VERACODE:40972