CVE-2023-34448
Summary
| CVE | CVE-2023-34448 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-14 23:15:00 UTC |
| Updated | 2023-06-22 16:31:00 UTC |
| Description | Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Server Side Template Injection vulnerability found in grav | MISC | huntr.dev | |
| Fixed Twig `|filter()` allowing code execution · getgrav/grav@9d6a2db · GitHub | MISC | www.github.com | |
| Grav Server-side Template Injection (SSTI) via Twig Default Filters · Advisory · getgrav/grav · GitHub | MISC | github.com | |
| better SSTI in |map and |filter · getgrav/grav@8c2c1cb · GitHub | MISC | github.com | |
| Twig/src/Environment.php at v1.44.7 · twigphp/Twig · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.