CVE-2023-25345
Arbitrary local file read vulnerability during template rendering in npm/swig-templates
Identifiers
GHSA-2rq5-699j-x7p6, CVE-2023-25345
Package Slug
npm/swig-templates
Vulnerability
Arbitrary local file read vulnerability during template rendering
Description
Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.
Affected Versions
All versions up to 2.0.4
Solution
Unfortunately, there is no solution available yet.
Last Modified
2023-03-17
| source |