CVE-2024-34461

CRITICAL9.8EPSS 0.16%

Zenario uses Twig filters insecurely in the Twig Snippet plugin

發布日:2024/5/4修改日:2025/3/31

描述

Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator.

受影響套件(1)

Packagist/tribalsystems/zenariofrom 0, < 9.5.60437

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-34461
PATCHhttps://github.com/TribalSystems/Zenario
WEBhttps://github.com/TribalSystems/Zenario/commit/72afb59da34bace812bffb195d01168a357ff664
WEBhttps://zenar.io/zenario-9/blog/zenario-9560437-patch-released