Количество 2
Количество 2
CVE-2020-28246
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins.
GHSA-52vj-mr2j-f8jh
Server-Side Template Injection in formio
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-28246 A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins. | CVSS3: 9.8 | 3% Низкий | больше 3 лет назад |
| GHSA-52vj-mr2j-f8jh Server-Side Template Injection in formio | CVSS3: 9.8 | 3% Низкий | больше 3 лет назад |
Уязвимостей на страницу