Описание
Grav may be vulnerable to SSRF attack via Twig Templates
In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered.
Пакеты
Наименование
getgrav/grav
composer
Затронутые версииВерсия исправления
<= 1.7.49.5
Отсутствует
Связанные уязвимости
CVSS3: 9.1
nvd
около 2 месяцев назад
In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered