CVE-2021-41170

CRITICAL Year: 2021
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-74
View all →

Vulnerability Description

neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. In theory all users of the package are affected as long as they either deal with direct user input or database values. A multi-step attack on is therefore plausible. Version 1.1.1 has addressed this vulnerability. Unfortunately only working with hardcoded values is safe in prior versions. As this likely defeats the purpose of a template engine, please upgrade.

Related Vulnerabilities

CVE-2005-3056

CRITICAL
CVSS:9.8(Critical)

TWiki allows arbitrary shell command execution via the Include function

CWE-742005

CVE-2011-2717

CRITICAL
CVSS:9.8(Critical)

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message...

CWE-742011

CVE-2012-1495

CRITICAL
CVSS:9.8(Critical)

install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.

CWE-742012

CVE-2013-1437

CRITICAL
CVSS:9.8(Critical)

Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.

CWE-742013

CVE-2013-2010

CRITICAL
CVSS:9.8(Critical)

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability

CWE-742013

CVE-2013-2095

CRITICAL
CVSS:9.8(Critical)

rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection

CWE-742013