Vulnerabilities for 'Jinjava'

2021-02-19
 
CVE-2020-12668

CWE-200
 

 
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.

 
2019-01-02
 
CVE-2018-18893

CWE-noinfo
 

 
Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java.

 

Vendor: Hubspot (3 products): Hubl-server, Jinjava, Hubspot


Copyright 2024, cxsecurity.com

 
