com.hubspot.jinjava:jinjava@2.0.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.hubspot.jinjava:jinjava package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable versions

  • Information Exposure (severity: High, shown as "H")
    Vulnerable versions: [,2.5.4), i.e. every release before 2.5.4

    com.hubspot.jinjava:jinjava is a Java-based template engine based on Django template syntax, adapted to render Jinja templates (at least the subset of Jinja in use in HubSpot content).

    Affected versions of this package are vulnerable to Information Exposure: they allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context.

    How to fix Information Exposure?

    Upgrade com.hubspot.jinjava:jinjava to version 2.5.4 or higher.

  • Remote Code Execution (severity: Medium, shown as "M")
    Vulnerable versions: [,2.4.6), i.e. every release before 2.4.6

    Affected versions of this package are vulnerable to Remote Code Execution via com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java: it was possible to call the getClass() method on any object.

    How to fix Remote Code Execution?

    Upgrade com.hubspot.jinjava:jinjava to version 2.4.6 or higher.

Note that version 2.0.0, the version this page describes, falls inside both vulnerable ranges, so upgrading to 2.5.4 or higher addresses both findings at once.