Filtered by vendor Nette
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23803 | 1 Nette | 1 Latte | 2021-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions. | |||||
| CVE-2020-15227 | 2 Debian, Nette | 2 Debian Linux, Application | 2021-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework. | |||||