CVE-2019-19999

Published December 26th, 2019

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.

halo-dev/halo

Halo 是一款强大易用的开源建站工具，从个人博客、知识库，到企业官网、在线商城，Halo 都能助您轻松实现，一站式满足您的多样化建站需求。

GitHub

39.1K