Описание
All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or /proc/1/environ.
Workaround
This vulnerability can be mitigated by disabling the include macro in Pebble Templates:
java new PebbleEngine.Builder() .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder() .disallowedTokenParserTags(List.of("include")) .build()) .build();
Ссылки
- Issue Tracking
- Issue TrackingVendor Advisory
- Product
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
6.8 Medium
CVSS3
4.9 Medium
CVSS3
Дефекты
Связанные уязвимости
All versions of the package io.pebbletemplates:pebble are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files like /etc/passwd or /proc/1/environ. Workaround This vulnerability can be mitigated by disabling the include macro in Pebble Templates: java new PebbleEngine.Builder() .registerExtensionCustomizer(new DisallowExtensionCustomizerBuilder() .disallowedTokenParserTags(List.of("include")) .build()) .build();
Pebble has Arbitrary Local File Inclusion (LFI) Vulnerability via `include` macro
EPSS
6.8 Medium
CVSS3
4.9 Medium
CVSS3