GHSA-ph3v-2hq5-5qfq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-ph3v-2hq5-5qfq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-ph3v-2hq5-5qfq/GHSA-ph3v-2hq5-5qfq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-ph3v-2hq5-5qfq
- Aliases
- Published
- 2022-03-07T00:00:41Z
- Modified
- 2024-12-05T05:23:34.531620Z
- Summary
- Code injection in RazorEngine
- Details
-
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- Database specific
{ "nvd_published_at": "2022-03-06T06:15:00Z", "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-03-11T20:30:20Z" }- References
Affected packages
NuGet / RazorEngine
Package
- Name
- RazorEngine
- View open source insights on deps.dev
- Purl
- pkg:nuget/RazorEngine
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.5.1-alpha001
Affected versions
2.*
2.1.0
3.*
3.0.0
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.1.0
3.2.0
3.3.0
3.4.0
3.4.1
3.4.2
3.5.0-beta1
3.5.0-beta2
3.5.0-beta3
3.5.0
3.5.1
3.5.2
3.5.3
3.6.0
3.6.1
3.6.2
3.6.3-beta1
3.6.3-beta2
3.6.3
3.6.4
3.6.5-beta1
3.6.5
3.6.6-beta1
3.6.6-beta2
3.6.6
3.7.0-beta1
3.7.0
3.7.1-alpha1
3.7.2
3.7.3
3.7.4
3.7.5-beta1
3.7.5-beta2
3.7.5
3.7.6
3.7.7
3.8.0
3.8.1
3.8.2
3.9.0
3.9.1
3.9.2
3.9.3
3.10.0
3.10.1-alpha001
4.*
4.0.0-beta1
4.0.0-beta2
4.0.1-beta1
4.0.2-beta1
4.0.3-beta1
4.1.0-beta1
4.1.1-beta1
4.1.2-beta1
4.1.3-beta2
4.1.4-beta1
4.1.5-beta1
4.1.6-beta1
4.2.0-beta1
4.2.0-beta2
4.2.0-beta3
4.2.1-beta1
4.2.2-beta1
4.2.3-beta1
4.2.4-beta1
4.2.5-beta1
4.2.6-beta1
4.2.7-beta1
4.3.0-beta1
4.3.1-beta1
4.3.2-beta1
4.4.0-rc1
4.4.1-rc1
4.4.2-rc1
4.4.3-rc1
4.5.0-rc1
4.5.1-alpha001