Vulnerability	Vulnerable Version
C Improper Neutralization of Special Elements Used in a Template Engine com.hubspot.jinjava:jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates (at least the subset of jinja in use in HubSpot content). Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to using `mapper.getTypeFactory().constructFromCanonical()` function. An attacker can instantiate arbitrary classes and potentially execute code by supplying crafted input to the deserialization process. How to fix Improper Neutralization of Special Elements Used in a Template Engine? Upgrade `com.hubspot.jinjava:jinjava` to version 2.8.1 or higher.	[,2.8.1)

Improper Neutralization of Special Elements Used in a Template Engine

com.hubspot.jinjava:jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates (at least the subset of jinja in use in HubSpot content).

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to using mapper.getTypeFactory().constructFromCanonical() function. An attacker can instantiate arbitrary classes and potentially execute code by supplying crafted input to the deserialization process.

How to fix Improper Neutralization of Special Elements Used in a Template Engine?

Upgrade com.hubspot.jinjava:jinjava to version 2.8.1 or higher.

[,2.8.1)

Go back to all versions of this package