CVSS: 8.8 | EPSS: 0% | CPEs: 7 | EXPL: 0

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user-provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.
• https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71
• https://github.com/smarty-php/smarty/releases/tag/v3.1.42
• https://github.com/smarty-php/smarty/releases/tag/v4.0.2
• https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m
• https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ
• https://lists.fedoraproject.org/archives/l
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.
• https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309908
• https://www.npmjs.com/package/realms-shim
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.
• https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309907
• https://www.npmjs.com/package/realms-shim
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 8.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

Since version 2.8.0, Latte has included a template sandbox, and in affected versions a sandbox escape has been found that allows injection into web pages generated from Latte. ...
• https://github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0
• https://github.com/nette/latte/security/advisories/GHSA-36m2-8rhx-f36j
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. ... An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine. ...
• https://gist.github.com/jwang-a/cb4b6e9551457aa299066076b836a2cd
• https://github.com/jwang-a/CTF/blob/master/MyChallenges/Pwn/Unicorns_Aisle/UnicornsAisle.pdf
• https://github.com/unicorn-engine/unicorn/commit/c733bbada356b0373fa8aa72c044574bb855fd24
• https://github.com/unicorn-engine/unicorn/compare/2.0.0-rc4...2.0.0-rc5
• https://www.unicorn-engine.org/changelog
• CWE-697: Incorrect Comparison