Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenCTI affected by RCE via notifier template
Vulnerability Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform process during notifier template execution. This vulnerability is fixed in 6.9.5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
CWE-1336
Vulnerability Title
OpenCTI 安全漏洞
Vulnerability Description
OpenCTI是OpenCTI开源的一个开放网络威胁情报平台。 OpenCTI 6.9.5之前版本存在安全漏洞,该漏洞源于safeEjs.ts文件未正确清理EJS模板,可能导致具有管理自定义能力的用户在通知程序模板执行期间运行任意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A