Vulnerabilities > CVE-2022-37767 - Incorrect Authorization vulnerability in Pebbletemplates Pebble Templates 3.1.5

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pebbletemplates

CWE-863

critical

NVD

Published: 2022-09-12

Updated: 2024-04-11

Summary

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from an untrusted source, or else the application using the engine should apply restrictions to the input. The engine is not responsible for validating the input.

Vulnerable Configurations

Part	Description	Count
Application	Pebbletemplates Pebbletemplates Pebble Templates 3.1.5	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References