GHSA-m49c-g9wr-hv6v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m49c-g9wr-hv6v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-m49c-g9wr-hv6v/GHSA-m49c-g9wr-hv6v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m49c-g9wr-hv6v
- Aliases
- Published
- 2025-09-17T19:56:21Z
- Modified
- 2025-10-06T16:52:51.161417Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- jinjava has Sandbox Bypass via JavaType-Based Deserialization
- Details
-
Summary
jinjava’s current sandbox restrictions prevent direct access to dangerous methods such as
getClass(), and block instantiation of Class objects. However, these protections can be bypassed.By using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes. This enables the creation of semi-arbitrary class instances without directly invoking restricted methods or class literals.
As a result, an attacker can escape the sandbox and instantiate classes such as java.net.URL, opening up the ability to access local files and URLs(e.g., file:///etc/passwd). With further chaining, this primitive can potentially lead to remote code execution (RCE).
Details
jinjava templates expose a built-in variable
____int3rpr3t3r____, which provides direct access to the jinjavaInterpreter instance. This variable was previously abused and protections were added to prevent call method fromJinjavaInterpreterinstances (see Add interpreter to blacklist). However, interacting with the properties ofJinjavaInterpreterinstances remains unrestricted.From
____int3rpr3t3r____, it is possible to traverse to theconfigfield, which exposes an ObjectMapper. By invokingreadValue(String content, JavaType valueType)on this ObjectMapper, an attacker can instantiate arbitrary classes specified viaJavaType.Although jinjava explicitly restricts dangerous classes such as
Class,ClassLoader, and so on insideJinjavaBeanELResolver, theJavaTypeclass itself is not restricted.As a result, an attacker can leverage
JavaTypeconstruction (constructFromCanonical) to instantiate semi-arbitrary classes without directly calling restricted methods.This allows sandbox escape and the creation of powerful primitives.
Impact
Escape the Jinjava sandbox and instantiate a wide range of classes using JavaType. This capability can be used to read arbitrary files and to perform full read SSRF by creating network-related objects. In certain environments, depending on the available classes, this primitive can even lead to complete remote code execution.
- Database specific
{ "nvd_published_at": "2025-09-17T20:15:36Z", "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2025-09-17T19:56:21Z", "cwe_ids": [ "CWE-1336" ] }- References
-
- https://github.com/HubSpot/jinjava/security/advisories/GHSA-m49c-g9wr-hv6v
- https://nvd.nist.gov/vuln/detail/CVE-2025-59340
- https://github.com/HubSpot/jinjava/commit/66df351e7e8ad71ca04dcacb4b65782af820b8b1
- https://github.com/HubSpot/jinjava
- https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.7.5
- https://github.com/HubSpot/jinjava/releases/tag/jinjava-2.8.1
Affected packages
Maven / com.hubspot.jinjava:jinjava
Package
- Name
- com.hubspot.jinjava:jinjava
- View open source insights on deps.dev
- Purl
- pkg:maven/com.hubspot.jinjava/jinjava
Maven / com.hubspot.jinjava:jinjava
Package
- Name
- com.hubspot.jinjava:jinjava
- View open source insights on deps.dev
- Purl
- pkg:maven/com.hubspot.jinjava/jinjava
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.5