Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
CPE | Name | Operator | Version |
---|---|---|---|
halo | eq | 0.1 | |
halo | eq | 1.0.0-beta.3 | |
halo | eq | 1.0.0-beta.2 | |
halo | eq | 1.0.0-beta.5 | |
halo | eq | 0.0.8 | |
halo | eq | 0.0.2 | |
halo | eq | 1.0.0-beta.8 | |
halo | eq | 0.0.6 | |
halo | eq | 1.0.2 | |
halo | eq | 0.1.1 |