CVE-2023-2259

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-2259

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2259.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-2259

Published

2023-04-24T21:15:09Z

Modified

2025-10-21T13:08:20.368321Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

References

Affected packages

Git / github.com/alfio-event/alf.io

Affected ranges

Type: GIT
Repo: https://github.com/alfio-event/alf.io
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

94e2923a317452e337393789c9f3192dfc1ddac2

Affected versions

1.*

1.10

1.10-RC1

1.10-RC2

1.10.1

1.11

1.12

1.12-RC1

1.12-RC2

1.12-RC3

1.12-RC4

1.13

1.13-RC1

1.13-RC2

1.13-RC3

1.14

1.14-RC1

1.14-RC2

1.14.1

1.4

1.4-RC2

1.4.1

1.5

1.6

1.7

1.8

1.8-RC1

1.8-RC2

1.9

1.9.1

2.*

2.0-M0

2.0-M1

2.0-M1-1906

2.0-M1-1906.1

2.0-M2

2.0-M3

2.0-M4

2.0-M4.RC1

2.0-M4.RC2

2.0-M4.RC3

2.0-M4.RC4

alfio-1.*

alfio-1.0

alfio-1.1

alfio-1.2

alfio-1.3

alfio-1.3-beta1

alfio-1.3.1

alfio-1.3.2

alfio-1.3.3

v1.*

v1.0-pre-rename

v1.0-pre-rename-v2

v1.0-pre-rename-v3

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "94817227771165662272218567516315683117",
                "133963998910877173152181698894210304851",
                "330201267947011580658799239899143078030",
                "223176977684511026515822005308980249428",
                "189011679323379864508993096763967139413",
                "321629887732196610741172517220529517018",
                "190026531462861645517337287780624256520",
                "118062763765986014342903838681342632798",
                "273728216436071240079925643722396596470",
                "33091925095569860619709254121954196807",
                "273490671869766197401460743226953985799"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/main/java/alfio/util/ExportUtils.java"
        },
        "id": "CVE-2023-2259-48455054",
        "source": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2",
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "function_hash": "189894203288258878817651014891324986423",
            "length": 545.0
        },
        "target": {
            "function": "exportCsv",
            "file": "src/main/java/alfio/util/ExportUtils.java"
        },
        "id": "CVE-2023-2259-b7eabcdc",
        "source": "https://github.com/alfio-event/alf.io/commit/94e2923a317452e337393789c9f3192dfc1ddac2",
        "signature_type": "Function"
    }
]