com.hubspot.jinjava:jinjava@2.0.11-java7 vulnerabilities

  • latest version

    2.7.3

  • latest non-vulnerable version

  • first published

    10 years ago

  • latest version published

    3 months ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the com.hubspot.jinjava:jinjava package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Information Exposure

    com.hubspot.jinjava:jinjava is a Java template engine based on Django template syntax, adapted to render Jinja templates (at least the subset of Jinja in use in HubSpot content).

    Affected versions of this package are vulnerable to Information Exposure. It allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context.

    How to fix Information Exposure?

    Upgrade com.hubspot.jinjava:jinjava to version 2.5.4 or higher.

    Vulnerable versions: [,2.5.4)
    • M
    Remote Code Execution

    com.hubspot.jinjava:jinjava is a Java template engine based on Django template syntax, adapted to render Jinja templates (at least the subset of Jinja in use in HubSpot content).

    Affected versions of this package are vulnerable to Remote Code Execution via the com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java path. It was possible to call the getClass() method on any object.

    How to fix Remote Code Execution?

    Upgrade com.hubspot.jinjava:jinjava to version 2.4.6 or higher.

    Vulnerable versions: [,2.4.6)