Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Access Control Bypass
Vulnerability Description
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
latte 安全漏洞
Vulnerability Description
Latte是Nette基金会的一个 Php 的模板引擎。 latte 2.10.6之前版本存在安全漏洞,该漏洞源于软件当中的allowFunctions存在方法可以绕过,这会影响应用程序的安全性。当模板被设置为允许不允许使用某些函数时,在函数之后添加控制字符(x00-x08)将绕过这些限制。
CVSS Information
N/A
Vulnerability Type
N/A