Total
59 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3841 | 2025-04-21 | 3.3 Low | ||
| A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2021-21353 | 1 Pugjs | 2 Pug, Pug-code-gen | 2025-04-16 | 6.8 Medium |
| Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade. | ||||
| CVE-2022-47896 | 1 Jetbrains | 1 Intellij Idea | 2025-04-15 | 5 Medium |
| In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnerable to SSTI attacks. | ||||
| CVE-2025-32461 | 2025-04-09 | 9.9 Critical | ||
| wikiplugin_includetpl in lib/wiki-plugins/wikiplugin_includetpl.php in Tiki before 28.3 mishandles input to an eval. The fixed versions are 21.12, 24.8, 27.2, and 28.3. | ||||
| CVE-2024-54954 | 1 Zhyd | 1 Oneblog | 2025-03-28 | 8 High |
| OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department. | ||||
| CVE-2024-52393 | 1 Podlove | 1 Podlove Podcast Publisher | 2025-03-21 | 9.1 Critical |
| Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15. | ||||
| CVE-2025-26865 | 2025-03-11 | 3.5 Low | ||
| Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18. It's a regression between 18.12.17 and 18.12.18. In case you use something like that, which is not recommended! For security, only official releases should be used. In other words, if you use 18.12.17 you are still safe. The version 18.12.17 is not a affected. But something between 18.12.17 and 18.12.18 is. In that case, users are recommended to upgrade to version 18.12.18, which fixes the issue. | ||||
| CVE-2025-2040 | 2025-03-06 | 6.3 Medium | ||
| A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-27516 | 1 Redhat | 9 Ansible Automation Platform, Enterprise Linux, Openshift and 6 more | 2025-03-05 | 7.3 High |
| Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6. | ||||
| CVE-2023-29297 | 1 Adobe | 2 Commerce, Magento | 2025-03-05 | 9.1 Critical |
| Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-47542 | 1 Fortinet | 1 Fortimanager | 2025-02-26 | 6.3 Medium |
| A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates. | ||||
| CVE-2024-9150 | 2025-02-21 | N/A | ||
| Report generation functionality in Wyn Enterprise allows for code inclusion, but not sufficiently limits what code might be included. An attacker is able use a low privileges account in order to abuse this functionality and execute malicious code, load DLL libraries and executing OS commands on a host system with applications high privileges. This issue has been fixed in version 8.0.00204.0 | ||||
| CVE-2025-26789 | 2025-02-14 | N/A | ||
| An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment. | ||||
| CVE-2024-32651 | 1 Dgtlmoon | 1 Changedetection.io | 2025-02-13 | 10 Critical |
| changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced). | ||||
| CVE-2024-23692 | 1 Rejetto | 1 Http File Server | 2025-02-13 | 9.8 Critical |
| Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported. | ||||
| CVE-2024-48962 | 1 Apache | 1 Ofbiz | 2025-02-11 | 8.8 High |
| Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. | ||||
| CVE-2023-2017 | 1 Shopware | 1 Shopware | 2025-02-05 | 8.8 High |
| Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. Users are advised to upgrade to v6.4.20.1 to resolve this issue. This is a bypass of CVE-2023-22731. | ||||
| CVE-2024-49271 | 1 Unlimited-elements | 2 Unlimited Elements For Elementor, Unlimited Elements For Elementor \(free Widgets\, Addons\, Templates\) | 2025-02-05 | 9.1 Critical |
| : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows : Command Injection.This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121. | ||||
| CVE-2023-2259 | 1 Alf | 1 Alf | 2025-02-04 | 7.2 High |
| Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | ||||
| CVE-2024-4040 | 1 Crushftp | 1 Crushftp | 2025-02-04 | 9.8 Critical |
| A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. | ||||