1. Home
  2. Vulnerabilities
  3. CVE-2022-37767

CVE-2022-37767

CVSS v3.1 9.8 (Critical)
98% Progress
EPSS 0.33 % (71th)
0.33% Progress
Affected Products 1
Advisories 1
NVD Status Modified
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Graph Web & Social Timeline

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from an untrusted source, or else the application using the engine should apply restrictions to the input. The engine is not responsible for validating the input.

Weaknesses
CWE-863
Incorrect Authorization
CVE Status
PUBLISHED
NVD Status
Modified
CNA
MITRE
Published Date
2022-09-12 14:15:09
(2 years ago)
Updated Date
2024-08-03 11:15:42
(6 weeks ago)

Affected Products

Pebbletemplates

Configuration #1

    CPE23 From Up To
  Pebbletemplates Pebble Templates 3.1.5 cpe:2.3:a:pebbletemplates:pebble_templates:3.1.5