Impact
Edgewall's Genshi Template Engine contains a server‑side template injection flaw in its expression‑evaluation component, allowing a remote attacker to supply crafted template expressions that trigger the evaluation of arbitrary Python code, leading to remote code execution.
Affected Systems
The flaw affects Edgewall Genshi version 0.7.9. No other versions are listed as impacted in the CNA data.
Risk and Exploitability
The CVSS score is 9.8, and EPSS data is unavailable. The vulnerability permits unauthenticated remote code execution. It is inferred that exploitation requires an attacker to provide malicious template input, which can be done over the network via any interface that accepts unfiltered templates. The high severity and remote code execution impact make it a top‑priority issue for remediation.
OpenCVE Enrichment