CVE-2024-37301

Опубликовано: 11 июн. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed.

Ссылки

https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074
https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6
https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074
https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6

EPSS

Процентиль: 90%

0.05604

Низкий

7.2 High

CVSS3

Дефекты

CWE-1336

Связанные уязвимости

GHSA-v5gf-r78h-55q6