CVE-2021-46433

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0220%

EPSS Percentile0.86th

Published2022年3月28日

Last Modified2024年11月21日

Vulnerability Description

In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.

Affected Platforms (CPE)

📦

Fenom Project

Fenom

<= 2.12.1

References & Advisories

🔗 https://github.com/fenom-template/fenom/issues/331

関連する脆弱性情報

CVE-2021-3916710.0

OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an act...

CVE-2021-3916810.0

OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an act...

CVE-2021-3388510.0

An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthen...

CVE-2021-3919910.0

remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-htm...