KV created FREEMARKER-202:
-----------------------------

             Summary: SRCCLR-SID-30023 - SSTI 
                 Key: FREEMARKER-202
                 URL: https://issues.apache.org/jira/browse/FREEMARKER-202
             Project: Apache Freemarker
          Issue Type: Bug
            Reporter: KV


Long-standing vulnerability.

[https://sca.analysiscenter.veracode.com/vulnerability-database/security/server-side-template-injection-ssti/java/sid-30023]
freemarker is vulnerable to server-side template injection (SSTI). By using 
`java.security.ProtectionDomain.getClassLoader` templates, an attacker is able 
to gain access to the classloader and subsequently the filesystem or execute 
arbitrary code on the host OS.

Please fix ASAP.

SRCCLR-SID-30023

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
