CVE-2023-34252

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2023-34252
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2023-06-14 22:15:00 UTC
Updated2023-11-07 04:15:00 UTC
DescriptionGrav is a file-based Web platform. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a callable argument allows the validation check to be skipped. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. The vulnerability can be found in the `GravExtension.filterFilter()` function declared in `/system/src/Grav/Common/Twig/Extension/GravExtension.php`. Version 1.7.42 contains a patch for this issue. End users should also ensure that `twig.undefined_functions` and `twig.undefined_filters` properties in `/path/to/webroot/system/config/system.yaml` configuration file are set to `false` to disallow Twig from treating undefined filters/functions as PHP functions and executing them.

Risk And Classification

Problem Types: CWE-94

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Getgrav Grav All All All All

References

ReferenceSourceLinkTags
also handle SSTI in reduce twig filter + function · getgrav/grav@244758d · GitHub MISC github.com
grav/system/src/Grav/Common/Utils.php at 1.7.40 · getgrav/grav · GitHub MISC github.com
Grav Server-side Template Injection (SSTI) via Insufficient Validation in filterFilter · Advisory · getgrav/grav · GitHub MISC github.com
grav/system/src/Grav/Common/Twig/Extension/GravExtension.php at 1.7.40 · getgrav/grav · GitHub MISC github.com
better SSTI in |map and |filter · getgrav/grav@8c2c1cb · GitHub MITRE github.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report