Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jinjava
(Hubspot)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-19 | CVE-2020-12668 | Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure. | Jinjava | 6.5 | ||
| 2019-01-03 | CVE-2018-18893 | Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java. | Jinjava | 5.3 |