CVE-2021-23803

Incorrect Authorization in packagist/latte/latte

Identifiers

CVE-2021-23803

Package Slug

packagist/latte/latte

Vulnerability

Incorrect Authorization

Description

There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.

Affected Versions

All versions before 2.10.6

Solution

Upgrade to version 2.10.6 or above.

Last Modified

2022-01-04

source