CVE-2021-29440
HIGH severity · CVSS 8.4 · Code injection
Summary
Grav is a file-based web platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. Because the Twig processor runs unsandboxed, this behaviour can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality impact: High
Integrity impact: High
Availability impact: High
Exploit probability (EPSS): 31%
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- Advisory: https://github.com/getgrav/grav/security/advisories/GHSA-g8r4-p96j-xfxc
- Advisory: https://packagist.org/packages/getgrav/grav
- Advisory: http://packetstormsecurity.com/files/162987/Grav-CMS-1.7.10-Server-Side-Template-Injection.html
- Advisory: https://blog.sonarsource.com/grav-cms-code-execution-vulnerabilities