CVE-2022-37767: Incorrect Authorization

September 13, 2022 (updated November 5, 2022)

Pebble Templates allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok

References

github.com/PebbleTemplates/pebble/issues/625
github.com/Y4tacker/Web-Security/issues/3
github.com/advisories/GHSA-wxx5-w9jc-48wx
nvd.nist.gov/vuln/detail/CVE-2022-37767

Detect and mitigate CVE-2022-37767 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →