Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Antaris RazorEngine 安全漏洞
Vulnerability Description
Antaris RazorEngine是英国Matthew Abbott个人开发者的一个基于微软 Razor 解析引擎的开源模板引擎。 Antaris RazorEngine 4.5.1-alpha001版本及之前版本的 IsolatedRazorEngine 存在安全漏洞,攻击者可利用该漏洞可以在沙箱环境中执行任意.NET代码(如果用户可以从外部控制模板内容)。注意:此漏洞只影响维护人员不再支持的产品。
CVSS Information
N/A
Vulnerability Type
N/A