com.mitchellbosecke:pebble@1.3.1 vulnerabilities

latest version

2.4.0
first published

10 years ago
latest version published

7 years ago
licenses detected
- BSD-3-Clause
  [0.0.3,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the com.mitchellbosecke:pebble package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Arbitrary Code Execution com.mitchellbosecke:pebble is a java templating engine inspired by Twig. Affected versions of this package are vulnerable to Arbitrary Code Execution. It allows attackers to bypass a protection mechanism (intended to block access to instances of `java.lang.Class`) due to `getClass` being accessible via the public static `java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String)` signature. How to fix Arbitrary Code Execution? Upgrade `com.mitchellbosecke:pebble` to version 3.1.4 or higher.	[,3.1.4)

Arbitrary Code Execution

com.mitchellbosecke:pebble is a java templating engine inspired by Twig.

Affected versions of this package are vulnerable to Arbitrary Code Execution. It allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) due to getClass being accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature.

How to fix Arbitrary Code Execution?

Upgrade com.mitchellbosecke:pebble to version 3.1.4 or higher.

[,3.1.4)

Go back to all versions of this package

com.mitchellbosecke:pebble@1.3.1 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities