Veracode Vulnerability DatabaseVERACODE:43810Remote Code Execution (RCE)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
30.8%
cachethq/cachet is vulnerable to Remote Code Execution (RCE). The vulnerability is caused by a flaw in the way Cachet handles twig templates. An attacker is able to exploit this flaw by injecting malicious code into a template, which will then be executed when the template is rendered.
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
30.8%