CVE-2021-29440

Опубликовано: 13 апр. 2021

Источник: nvd

CVSS3: 8.4

CVSS3: 7.2

CVSS2: 6.5

EPSS Средний

Описание

Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.

Ссылки

http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities
Exploit
Third Party Advisory
https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc
Third Party Advisory
https://packagist.org/packages/getgrav/grav
Product
Third Party Advisory
http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities
Exploit
Third Party Advisory
https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc
Third Party Advisory
https://packagist.org/packages/getgrav/grav
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*

Версия до 1.7.11 (исключая)

EPSS

Процентиль: 94%

0.14435

Средний

8.4 High

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-g8r4-p96j-xfxc

CVSS3: 8.4

github

почти 5 лет назад

Grav's Twig processing allowing dangerous PHP functions by default

EPSS

Процентиль: 94%

0.14435

Средний

8.4 High

CVSS3

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-94