Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
InvenTree has SSTI in PART_NAME_FORMAT bypasses CVE-2026-27629 fix via {% if part.pk %} sandbox escape
Vulnerability Description
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed jinja2.Environment. Additionally, the validator uses a dummy Part instance with pk=None, which allows conditional template expressions to behave differently during validation versus production rendering. A staff user with settings access can craft a template that passes validation but executes arbitrary code during rendering. This issue requires access by a user with granted staff permissions. This vulnerability is fixed in 1.2.7 and 1.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
CWE-1336
Vulnerability Title
InvenTree 安全漏洞
Vulnerability Description
InvenTree是InvenTree开源的一个开源库存管理系统。提供强大的低级库存控制和零件跟踪。 InvenTree 1.2.3至1.2.6版本存在安全漏洞,该漏洞源于验证器与实际渲染器环境不匹配,且使用虚拟实例进行验证,可能导致具有员工权限的用户在渲染时执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A