{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-28119", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-04T14:19:14.060Z", "datePublished": "2024-03-21T22:02:04.145Z", "dateUpdated": "2024-08-21T22:55:01.977Z"}, "containers": {"cna": {"title": "Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58"}, {"name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "tags": ["x_refsource_MISC"], "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe"}, {"name": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99", "tags": ["x_refsource_MISC"], "url": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99"}], "affected": [{"vendor": "getgrav", "product": "grav", "versions": [{"version": "< 1.7.45", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-21T22:02:04.145Z"}, "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue."}], "source": {"advisory": "GHSA-2m7x-c7px-hp58", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.108Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58"}, {"name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe"}, {"name": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99"}]}, {"affected": [{"vendor": "getgrav", "product": "grav", "cpes": ["cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.7.45", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-28T18:13:10.316112Z", "id": "CVE-2024-28119", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T22:55:01.977Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58", "name": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99", "name": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:48:49.108Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-28119", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-28T18:13:10.316112Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*"], "vendor": "getgrav", "product": "grav", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.45", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-21T22:54:56.849Z"}}], "cna": {"title": "Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler", "source": {"advisory": "GHSA-2m7x-c7px-hp58", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "getgrav", "product": "grav", "versions": [{"status": "affected", "version": "< 1.7.45"}]}], "references": [{"url": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58", "name": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "name": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99", "name": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-21T22:02:04.145Z"}}}, "cveMetadata": {"cveId": "CVE-2024-28119", "state": "PUBLISHED", "dateUpdated": "2024-08-21T22:55:01.977Z", "dateReserved": "2024-03-04T14:19:14.060Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-21T22:02:04.145Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9B96288-8090-4AF9-91EF-CBFCEB60039C", "versionEndExcluding": "1.7.45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue."}, {"lang": "es", "value": "Grav es un sistema de gesti\u00f3n de contenidos de archivos planos de c\u00f3digo abierto. Antes de la versi\u00f3n 1.7.45, debido al acceso sin restricciones a la clase de extensi\u00f3n twig desde el contexto grav, un atacante pod\u00eda redefinir la funci\u00f3n de escape y ejecutar comandos arbitrarios. El procesamiento Twig de p\u00e1ginas est\u00e1ticas puede ser habilitado en la portada por cualquier usuario administrativo autorizado a crear o editar p\u00e1ginas. Como el procesador Twig se ejecuta sin entorno de pruebas, este comportamiento se puede utilizar para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario y elevar los privilegios en la instancia. La versi\u00f3n 1.7.45 contiene un parche para este problema."}], "id": "CVE-2024-28119", "lastModified": "2025-01-02T23:00:20.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-21T22:15:12.233", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}