CVE-2021-23803
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P
Summary
This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | latte/latte | unspecified < 2.10.6 | affected |
Weaknesses
- Access Control Bypass
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-PHP-LATTELATTE-1932226
- https://github.com/nette/latte/issues/279
- https://github.com/nette/latte/commit/227c86eda9a8a6d060ea8501923e768b6d992210
References
- https://snyk.io/vuln/SNYK-PHP-LATTELATTE-1932226
- https://github.com/nette/latte/issues/279
- https://github.com/nette/latte/commit/227c86eda9a8a6d060ea8501923e768b6d992210
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.