Description:
A Server-Side Template Injection vulnerability was discovered in Mail
templates. It enables attackers to inject arbitrary JEXL expressions,
leading to Remote Code Execution (RCE).

Severity: Important

Vendor: The Apache Software Foundation

Affects:
2.0.X releases prior to 2.0.15
2.1.X releases prior to 2.1.6

Solution:
2.0.X users: upgrade to 2.0.15
2.1.X users: upgrade to 2.1.6

Credit:
This issue was discovered by GitHub Security Labs team member Alvaro Muñoz - 
https://github.com/pwntester.

References:
https://syncope.apache.org/security

