sarrionandia tournatrack Jinja2 Template check_id.py injection

A vulnerability classified as critical was found in sarrionandia tournatrack up to 4c13a23f43da5317eea4614870a7a8510fc540ec. Affected by this vulnerability is an unknown functionality of the file check_id.py of the component Jinja2 Template Handler. The manipulation of the argument ID leads to injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

输出中的特殊元素转义处理不恰当(注入)

tournatrack 安全漏洞

tournatrack是Tito Sarrionandia个人开发者的一个跟踪器。 tournatrack存在安全漏洞，该漏洞源于文件check_id.py中参数ID操作导致注入。

N/A

N/A