In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/Antaris/RazorEngine/issues/585 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-03-06T05:29:07
Updated: 2024-08-04T05:17:41.625Z
Reserved: 2022-03-06T00:00:00
Link: CVE-2021-46703
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-06T06:15:07.103
Modified: 2024-11-21T06:34:36.130
Link: CVE-2021-46703
Redhat
No data.