CVE-2022-21648

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-21648
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21648.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-21648
Aliases
Downstream
Published
2022-01-04T20:10:11Z
Modified
2025-12-04T10:06:38.539886Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CVSS Calculator
Summary
Sandbox bypass in Latte templates
Details

Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the versions 2.8.8, 2.9.6 and 2.10.8. Users unable to upgrade should not accept template input from untrusted sources.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21648.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/nette/latte

Affected ranges

Type
GIT
Repo
https://github.com/nette/latte
Events
Introduced
21861cfee4ba19f853a34bcaab15d6ec332d8fa0
Fixed
7b314959633675400284226cd87e43fbbe8a9207
Database specific 
{
    "versions": [
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/nette/latte
Events
Introduced
4cd61a413ac6dadf918281f4626f19b6f99c7978
Fixed
a293672f97459b525ccb5b85550baf0d4851066f
Database specific 
{
    "versions": [
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.8"
        }
    ]
}

Affected versions

v2.*

v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21648.json"