{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-55652", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-12-10T14:47:08.666Z", "datePublished": "2024-12-11T22:41:16.664Z", "dateUpdated": "2024-12-12T16:32:39.666Z"}, "containers": {"cna": {"title": "PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc"}, {"name": "https://github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6", "tags": ["x_refsource_MISC"], "url": "https://github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6"}, {"name": "https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260", "tags": ["x_refsource_MISC"], "url": "https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260"}], "affected": [{"vendor": "pwndoc", "product": "pwndoc", "versions": [{"version": "< 1d4219c596f4f518798492e48386a20c6e9a2fe6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-11T22:41:16.664Z"}, "descriptions": [{"lang": "en", "value": "PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue."}], "source": {"advisory": "GHSA-jw5r-6927-hwpc", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-12T16:31:10.619876Z", "id": "CVE-2024-55652", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T16:32:39.666Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-55652", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-12T16:31:10.619876Z"}}}], "references": [{"url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T16:32:16.749Z"}}], "cna": {"title": "PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters", "source": {"advisory": "GHSA-jw5r-6927-hwpc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "pwndoc", "product": "pwndoc", "versions": [{"status": "affected", "version": "< 1d4219c596f4f518798492e48386a20c6e9a2fe6"}]}], "references": [{"url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc", "name": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6", "name": "https://github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260", "name": "https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-11T22:41:16.664Z"}}}, "cveMetadata": {"cveId": "CVE-2024-55652", "state": "PUBLISHED", "dateUpdated": "2024-12-12T16:32:39.666Z", "dateReserved": "2024-12-10T14:47:08.666Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-12-11T22:41:16.664Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue."}, {"lang": "es", "value": " PenDoc es una aplicaci\u00f3n de generaci\u00f3n de informes de pruebas de penetraci\u00f3n. Antes de la confirmaci\u00f3n 1d4219c596f4f518798492e48386a20c6e9a2fe6, un atacante pod\u00eda escribir una plantilla docx maliciosa que contuviera expresiones que escaparan del entorno limitado de JavaScript para ejecutar c\u00f3digo arbitrario en el sistema. Un atacante que pueda controlar el contenido del documento de plantilla puede ejecutar c\u00f3digo arbitrario en el sistema. De forma predeterminada, solo los usuarios con el rol \"admin\" pueden crear o actualizar plantillas. La confirmaci\u00f3n 1d4219c596f4f518798492e48386a20c6e9a2fe6 soluciona el problema."}], "id": "CVE-2024-55652", "lastModified": "2024-12-12T17:15:11.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-12-12T02:15:32.377", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/pwndoc/pwndoc/blob/main/backend/src/lib/report-filters.js#L258-L260"}, {"source": "security-advisories@github.com", "url": "https://github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6"}, {"source": "security-advisories@github.com", "url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/pwndoc/pwndoc/security/advisories/GHSA-jw5r-6927-hwpc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}