Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`.
References
Link | Resource |
---|---|
https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8 | Patch Vendor Advisory |
https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8 | Vendor Advisory |
https://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148 | Vendor Advisory |
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/ | Exploit Patch Third Party Advisory |
https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83 | Exploit Mitigation Vendor Advisory |
Configurations
History
22 Jun 2023, 16:31
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1336 |
CWE-94 |
CPE | cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8 - Vendor Advisory | |
References | (MISC) https://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148 - Vendor Advisory | |
References | (MISC) https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83 - Exploit, Mitigation, Vendor Advisory | |
References | (MISC) https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/ - Exploit, Patch, Third Party Advisory | |
References | (MISC) https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
First Time |
Getgrav
Getgrav grav |
15 Jun 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`. |
14 Jun 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-14 23:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-34448
Mitre link : CVE-2023-34448
CVE.ORG link : CVE-2023-34448
JSON object : View
Products Affected
getgrav
- grav