Количество 2
Количество 2
CVE-2024-37301
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed.
GHSA-v5gf-r78h-55q6
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-37301 Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed. | CVSS3: 7.2 | 6% Низкий | больше 1 года назад |
| GHSA-v5gf-r78h-55q6 document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection | CVSS3: 7.2 | 6% Низкий | больше 1 года назад |
Уязвимостей на страницу