Posted to dev@syncope.apache.org by Francesco Chicchiriccò <il...@apache.org> on 2020/05/02 12:31:54 UTC
[CVE-2020-1961] Server-Side Template Injection on mail templates
Description:
A vulnerability to Server-Side Template Injection on mail templates was discovered, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE).
Severity: Important
Vendor: The Apache Software Foundation
Affects:
2.0.X releases prior to 2.0.15
2.1.X releases prior to 2.1.6
Solution:
2.0.X users: upgrade to 2.0.15
2.1.X users: upgrade to 2.1.6
Credit:
This issue was discovered by GitHub Security Labs team member Alvaro Muñoz - https://github.com/pwntester.
References:
https://syncope.apache.org/security