Server-Side Template Injection (SSTI)

2020-05-0805:10:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

31.0%

JSON

barrelstrength/sprout-base-email is vulnerable to server-side template injection. An attacker is able to inject arbitrary template and execute Twig code on the server.

References

github.com/barrelstrength/craft-sprout-forms/blob/v3/CHANGELOG.md#390---2020-04-09-critical

github.com/barrelstrength/craft-sprout-forms/security/advisories/GHSA-px8v-hxxx-2rgh

EPSS

0.001

Percentile

31.0%

JSON

Related for VERACODE:25203