CVE-2024-37301 - Vulnerability Details - OpenCVE

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.07802.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Adfinis	Document Merge Service

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-2170	Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed.
Github GHSA	GHSA-v5gf-r78h-55q6	document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074
https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-11T18:34:38.374Z

Updated: 2024-08-02T03:50:56.118Z

Reserved: 2024-06-05T20:10:46.497Z

Link: CVE-2024-37301

Vulnrichment

Updated: 2024-06-11T20:21:15.403Z

NVD

Status : Awaiting Analysis

Published: 2024-06-11T19:16:07.890

Modified: 2024-11-21T09:23:34.073

Link: CVE-2024-37301

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37301", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-05T20:10:46.497Z", "datePublished": "2024-06-11T18:34:38.374Z", "dateUpdated": "2024-08-02T03:50:56.118Z"}, "containers": {"cna": {"title": "document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6"}, {"name": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "tags": ["x_refsource_MISC"], "url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074"}], "affected": [{"vendor": "adfinis", "product": "document-merge-service", "versions": [{"version": "< 6.5.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-12T19:21:11.274Z"}, "descriptions": [{"lang": "en", "value": "Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed."}], "source": {"advisory": "GHSA-v5gf-r78h-55q6", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "adfinis", "product": "document_merge_service", "cpes": ["cpe:2.3:a:adfinis:document_merge_service:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.5.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T20:18:28.016202Z", "id": "CVE-2024-37301", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:21:20.380Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:50:56.118Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6"}, {"name": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37301", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-11T20:18:28.016202Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:adfinis:document_merge_service:*:*:*:*:*:*:*:*"], "vendor": "adfinis", "product": "document_merge_service", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "6.5.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T20:21:15.403Z"}}], "cna": {"title": "document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection", "source": {"advisory": "GHSA-v5gf-r78h-55q6", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "adfinis", "product": "document-merge-service", "versions": [{"status": "affected", "version": "< 6.5.2"}]}], "references": [{"url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "name": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "name": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-12T19:21:11.274Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37301", "state": "PUBLISHED", "dateUpdated": "2024-06-12T19:21:11.274Z", "dateReserved": "2024-06-05T20:10:46.497Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-11T18:34:38.374Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed."}, {"lang": "es", "value": "Document Merge Service es un servicio de combinaci\u00f3n de plantillas de documentos que proporciona una API para administrar plantillas y combinarlas con datos determinados. Las versiones 6.5.1 y anteriores son vulnerables a la ejecuci\u00f3n remota de c\u00f3digo mediante la inyecci\u00f3n de plantillas del lado del servidor que, cuando se ejecuta como root, puede resultar en la toma total del sistema afectado. En el momento de la publicaci\u00f3n, no existe ninguna versi\u00f3n parcheada ni se ha revelado ning\u00fan workaround."}], "id": "CVE-2024-37301", "lastModified": "2024-11-21T09:23:34.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-11T19:16:07.890", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074"}, {"source": "security-advisories@github.com", "url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/adfinis/document-merge-service/commit/a1edd39d33d1bdf75c31ea01c317547be90ca074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Secondary"}]}