Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JinJava Bypass through ForTag leads to Arbitrary Java Execution
Vulnerability Description
JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java execution via bypass through ForTag. This allows arbitrary Java class instantiation and file access bypassing built-in sandbox restrictions. This issue has been patched in versions 2.7.6 and 2.8.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1336
Vulnerability Title
HubSpot Jinjava 安全漏洞
Vulnerability Description
HubSpot Jinjava是美国HubSpotn个人开发者的一个应用软件。提供基于Java的模板模板引擎,基于Django模板语法,适用于呈现jinja模板。 HubSpot Jinjava 2.7.6之前版本和2.8.3之前版本存在安全漏洞,该漏洞源于通过ForTag绕过限制,可能导致任意Java执行。
CVSS Information
N/A
Vulnerability Type
N/A